How hackers exploit search trends to drive traffic to malicious sites



This bank holiday weekend, there were a couple of major stories in the news. On Friday, people all over the world celebrated the royal wedding, then, on Monday, we were told Osama Bin Laden had been killed.

Both events, despite their stark contrasts, had strange parallels. Both sparked outpourings of national pride and flag-waving, and both were seized upon by cybercriminals using “˜SEO poisoning’ tactics to manipulate search results and spread malware.

So what is SEO poisoning exactly?

SEO poisoning refers to a range of techniques used by hackers to get malicious content to appear above legitimate sites in search engine results. In some cases, SEO poisoning is used to generate visits to a specially-built malicious site, but legitimate sites can also be compromised through “˜cross site scripting’ (XSS) – a tool that lets hackers insert client-side script into web pages viewed by other users.

The most common objective of SEO poisoning is to spread “˜scareware’ – users get a message warning them their computer is infected, and are prompted to download a bogus anti-virus program which is in fact a malicious package.

Because of the amount of traffic associated with “˜trending’ news stories, search terms related to those stories have become a favoured target for those behind SEO poisoning attacks. The attacks are usually recognised by search engines quite quickly, but hackers can simply move on to the next big news story, using automated systems to keep an eye on the most popular search terms.

IT Pro Portal reported that Osama Bin Laden’s death “sparked a series of phishing and malware attacks mounted by hackers” and the Naked Security blog reported that many of the image results for searches on the royal wedding were located “within malicious SEO pages” which, if users click through to them, “redirect to a rogue web site.”

What does all this mean for users?

Users should be aware that there’s a chance they’ll come across an SEO poisoning attack if they’re searching a topic that’s recently had intense news coverage. Sites that aren’t well known should be approached with caution, and sites that fill the screen with pop-ups should be avoided completely. Similarly, users should be vigilant about which sites they allow to run dynamic content such as JavaScript or Flash. Anyone using the Internet should have anti-virus and anti-spyware software installed, and operating systems should always be kept up to date. In general, if a site looks dodgy, it probably is!

What does this mean for your organisation?

In order to protect your company website and avoid becoming a vehicle for SEO attacks, it’s vital that web servers are monitored and secured. Whilst some attacks will redirect visitors from your site to a malicious one, there is also a risk that hackers will insert irrelevant keywords or meta data into pages on your site, giving the impression that you are the ones engaged in “˜black-hat’ (unethical) SEO practices. That could lead to Google and other major search engines imposing penalties (downgrading your page rank, for instance).

What does this mean for the future of search?

There is a growing sense that black-hat SEO has become so advanced that the search engines are themselves being undermined. Ultimately, search engines will only continue to prosper as long as they are seen by users as trustworthy organisers of information. That means they will continue finding more sophisticated ways to root-out and penalise the black-hat techniques used by cybercriminals and unscrupulous businesses.

If you enjoyed that article, here are some more you might like:


Latest from Tecmark


While it’s good to have words on your site, but copywriting isn’t just about filling up the page with words and moving on to the next task. There’s so much more to copywriting than hammering the keyboard for eight hours a day. Fulfilling the task requires a lot more than hitting the word count.


Search Engine Optimisation is an ongoing process and in order to get the most out of your results, you need to have a long term strategy in place. On the other hand, almost all new websites can benefit from an SEO boost in their baby stages.


Journalists are inundated with pitches and press releases, the majority of which will be moved straight to their trash without a second’s thought. So how do you nail your subject line so your pitch isn’t immediately disregarded?