Do you use Google every day? I sure do, and not only that, but I generally trust that the results that show up in a Google search to be malware-free and clean. A less-well-known type of attack, called SEO Poisoning (SEO is Search Engine Optimization) is a scary tactic, which takes advantage of algorithms used to calculate search engine results, and manipulates its way into the top several results for a search to deliver its malware.

1. Search Smarter

Statistically speaking, hackers lurk among popular trends – movies, media scandals, natural disasters, etc. You are more likely to encounter a SEO poisoning attack when searching for something that is recently in the news. Now, I am not advocating ceasing any searches about popular topics by any means. But, it is very important to think about what content you are about to view. Is the charity you are about to donate to actually legitimate? Is the site you’ve visited sending popups with “Free Antivirus” products or warnings? Are you viewing a well-known site, or some spoof site from a third-world-country? Consider your goal and your means when searching, always use your head before clicking (especially the “download” or “run” buttons!)

2. Watch out for Topic Mismatch

Sites are usually dedicated to one niche, or general category. In the example above, it’s odd that a vacation property site links to a popular media topic… This kind of thing, while possible, is rare, and may be indicative of a malware-driven site, or a spoofed site alltogether.

3. Watch the Page Type and Don’t Run Javascript/Flash from Unknown Sources

In the example above, the page is a PHP script (not uncommon), with the search string as a query. However, each time you allow dynamic content to run on your browser (Javascript, Flash, Microsoft Silverlight, etc) – you open up yourself to a range of possible attacks. Recently, a popular SEO poisoning attack leveraged on a vulnerability in Flash to deliver its payload. We recommend a plugin such as No-Script for Firefox, to combat unwanted/unknown code from running. Again, legitimate content from legitimate sites is a good thing, but globally enabling these plugins can result in a vulnerable system. It is easier to exploit a system with many potential vulnerabilities!

4. Patch your system, Run AV and Anti-Spyware Software ALWAYS

This should be a given, but the fact is: many users repeatedly fail to install critical security patches, run anti-virus software and anti-spyware. No system is completely hardened from attacks, and failing to install the needed security software and patches increases the impact of an attack exponentially. Patches exist to correct vulnerabilities that are discovered (read:out in the open for hackers to exploit!). No one tool is completely comprehensive or perfect either.

To protect against SEO poisoning attacks, the following browser plugins are recommended:

• Ad-Block Plus – Blocks annoying advertisements and dangerous content (Firefox)
• Web of Trust – Safe Browing Initiative, Rates Sites Based on User Input (Firefox)
• No-Script – Block Javascript and other annoying (sometimes malicious) dynamic content, except by explicit permission (Firefox)

5. The Moral of the Story: Use common sense!

What this all boils down to is: users need to wake up from the blissful world of “oh, it won’t happen to me” and understand that the internet is inherently untrustworthy. There are tools and resources out there for every operating system, and every browser to make your search experience a safe one, but ultimately, the responsibility rests with you. Think before you type and click – don’t let those hackers steal your machine or your peace of mind.

Share This Article

Filed under:
Articles by wepman