Posts by joel
How hackers exploit search trends to drive traffic to malicious sites
This bank holiday weekend, there were a couple of major stories in the news. On Friday, people all over the world celebrated the royal wedding, then, on Monday, we were told Osama Bin Laden had been killed.
Both events, despite their stark contrasts, had strange parallels. Both sparked outpourings of national pride and flag-waving, and both were seized upon by cybercriminals using ‘SEO poisoning’ tactics to manipulate search results and spread malware.
So what is SEO poisoning exactly?
SEO poisoning refers to a range of techniques used by hackers to get malicious content to appear above legitimate sites in search engine results. In some cases, SEO poisoning is used to generate visits to a specially built malicious site, but legitimate sites can also be compromised through ‘cross-site scripting’ (XSS) – a technique that lets hackers insert client-side script into web pages viewed by other users.
The most common objective of SEO poisoning is to spread ‘scareware’ – users get a message warning them their computer is infected, and are prompted to download a bogus anti-virus program which is in fact a malicious package.
Because of the amount of traffic associated with ‘trending’ news stories, search terms related to those stories have become a favoured target for those behind SEO poisoning attacks. The attacks are usually recognised by search engines quite quickly, but hackers can simply move on to the next big news story, using automated systems to keep an eye on the most popular search terms.
IT Pro Portal reported that Osama Bin Laden’s death “sparked a series of phishing and malware attacks mounted by hackers” and the Naked Security blog reported that many of the image results for searches on the royal wedding were located “within malicious SEO pages” which, if users click through to them, “redirect to a rogue web site.”
What does all this mean for users?
Users should be aware that there’s a chance they’ll come across an SEO poisoning attack if they’re searching a topic that’s recently had intense news coverage. Sites that aren’t well known should be approached with caution, and sites that fill the screen with pop-ups should be avoided completely. Similarly, users should be vigilant about which sites they allow to run dynamic content such as JavaScript or Flash. Anyone using the Internet should have anti-virus and anti-spyware software installed, and operating systems should always be kept up to date. In general, if a site looks dodgy, it probably is!
What does this mean for your organisation?
In order to protect your company website and avoid becoming a vehicle for SEO attacks, it’s vital that web servers are monitored and secured. Whilst some attacks will redirect visitors from your site to a malicious one, there is also a risk that hackers will insert irrelevant keywords or meta data into pages on your site, giving the impression that you are the ones engaged in ‘black-hat’ (unethical) SEO practices. That could lead to Google and other major search engines imposing penalties (downgrading your page rank, for instance).
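One way to monitor for the two kinds of tampering described above is to compare each published page against a known-good copy. The sketch below is an added example, not code from the original post; the function names, the sample pages and the `example.test` / `example.invalid` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageFingerprint(HTMLParser):
    """Collects the parts of a page that SEO-poisoning injections usually touch."""
    def __init__(self):
        super().__init__()
        self.keywords, self.script_hosts, self.refresh_targets = set(), set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "keywords":
            self.keywords |= {k.strip().lower() for k in a.get("content", "").split(",") if k.strip()}
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"; keep what follows the first "="
            self.refresh_targets.append(a.get("content", "").partition("=")[2].strip())
        elif tag == "script" and urlparse(a.get("src", "")).netloc:
            self.script_hosts.add(urlparse(a["src"]).netloc.lower())

def fingerprint(page_html):
    parser = PageFingerprint()
    parser.feed(page_html)
    return parser

def diff_against_baseline(baseline_html, current_html, own_hosts):
    """Return (kind, value) findings for content that is not in the known-good copy."""
    base, cur = fingerprint(baseline_html), fingerprint(current_html)
    findings = [("new-keyword", kw) for kw in sorted(cur.keywords - base.keywords)]
    for host in sorted(cur.script_hosts - base.script_hosts - set(own_hosts)):
        findings.append(("new-script-host", host))
    for target in cur.refresh_targets:
        host = urlparse(target).netloc.lower()
        if host and host not in own_hosts and target not in base.refresh_targets:
            findings.append(("offsite-refresh", target))
    return findings

# Constructed sample pages: a known-good copy and a tampered copy of the same page.
BASELINE = ('<head><meta name="keywords" content="web design, seo">'
            '<script src="/js/site.js"></script></head>')
TAMPERED = ('<head><meta name="keywords" content="web design, seo, royal wedding photos, free antivirus">'
            '<meta http-equiv="refresh" content="0; url=http://scan.example.invalid/alert">'
            '<script src="/js/site.js"></script>'
            '<script src="http://cdn.example.invalid/c.js"></script></head>')

if __name__ == "__main__":
    for finding in diff_against_baseline(BASELINE, TAMPERED, {"www.example.test"}):
        print(finding)
```

Run on a schedule against pages fetched from the live server, any finding is a prompt to check how the page was changed and by whom.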
What does this mean for the future of search?
There is a growing sense that black-hat SEO has become so advanced that the search engines are themselves being undermined. Ultimately, search engines will only continue to prosper as long as they are seen by users as trustworthy organisers of information. That means they will continue finding more sophisticated ways to root out and penalise the black-hat techniques used by cybercriminals and unscrupulous businesses.
Ridiculous trousers optional with Puttluck, the groundbreaking new golf game from Tecmark
Puttluck is the first ever golf app to use the iPhone 4’s gyroscope. Tecmark has spent over a year developing the game for Steve McGuinness – a PGA professional golfer and co-founder of Mobile Golf Games Ltd.
The game features Wii-style motion controls that utilise the iPhone’s built-in gyroscope and is powered by an advanced physics engine.
Puttluck is controlled by swinging your iPhone, imitating the motion and technique used with a real putter. With 9 real holes from the world’s best courses, Puttluck will test your ability to judge the lie of the green and the amount of power required, as well as your ability to execute the putt you just visualised in your head.
The game’s features include arcade and tournament modes, spanning 9 genuine holes from some of the world’s top courses. Players can access live leaderboards and participate in competitions through the Puttluck website.
Leading golf accessories supplier Black Widow are sponsoring the game from its launch. They will be contributing prizes worth £500 for Puttluck competitions. Competitions will run in tandem with major golf tournaments, starting with The Masters 2011 which began today.
You can download Puttluck from the App Store for just £0.59.
Tecmark launches Good Shot for iPhones, iPads and iPod Touch
Developed in partnership with game designer Sanjay Purswani, Good Shot is the latest mobile game from Tecmark.
Inspired by the legendary NES game Duck Hunt (1984), Good Shot is a 2D shooter just as visceral as its 8-bit predecessor. Combining polished graphics with an amusing storyline and a reassuringly direct touch-screen interface, it’s definitely not as easy as it looks, but all the more rewarding as a result.
Good Shot is based around a story mode which puts you in control of a bumbling, pie-obsessed hillbilly who still lives with his long-suffering ‘Ma’. She needs ducks for her notorious home-baked pies, so you load up your 12-gauge and head on out. Along the way, you meet the local flirt, and slaughter some flying pigs in a rather inspired dream sequence. Waddle we think of next?!
There are two difficulty settings in the story mode, and you unlock arcade versions of each level as you progress through the game. Be warned, the arcade mode will suck you in!
You can have a quack at the game for free by downloading Good Shot Lite, or buy the full version from the App Store for just 59p. For screenshots and more, visit www.goodshotgame.com.
Social media: What’s the worst that could happen?
These days, organisations of all sizes are talking about social media strategies. Social media is becoming an increasingly important marketing tool, without doubt. It can help you engage your customers better or get more insight into how they behave, and it’s also a platform you can use for things like PR and recruitment.
At the moment, however, many businesses don’t really have a clue what to do once they’ve signed up for Twitter and Facebook.
Here are a couple of examples from 2010 of how not to do social media:
- Coca-Cola ran a Facebook campaign for its Dr Pepper brand, in which users allowed their status box to be taken over by the company. This backfired when a Mumsnet user saw her 14-year-old daughter’s Facebook page had been updated with a message that made direct reference to a hardcore porn film, and Coca-Cola had to pull the campaign.
- During the British general election campaign, the Conservative party unveiled a website called Cash Gordon, designed to embarrass the Labour Party. It was supposed to capitalise on user-generated content pulled in from sites like Facebook and Twitter by handing out ‘action points’ to people for their participation. It was set up so that any Tweets containing the hashtag #cashgordon were republished in a live stream on the site. It all went wrong when a few pranksters realised they could hijack the site by including HTML or JavaScript in their Tweets. The hijacking led to the site showing porn, expletive-filled rants, Rick Astley videos, malware links, and redirecting visitors to the Labour party site. Voters were definitely engaged, just not quite how the Tories had anticipated.
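The Cash Gordon failure comes down to republishing untrusted text as markup. The sketch below is an added example, not the site's actual code: it shows a hashtag stream rendered without and with output escaping, plus a small check that could run in a test suite. The tweet data, function names and the `example.invalid` host are constructed.

```python
import html
import re
from html.parser import HTMLParser

HASHTAG = re.compile(r"#cashgordon\b", re.IGNORECASE)

# Constructed sample stream: one ordinary tweet, one carrying markup, one off-topic.
TWEETS = [
    {"user": "voter1", "text": "Interesting site #cashgordon"},
    {"user": "prankster", "text": "<script>location='http://elsewhere.example.invalid/'</script> #cashgordon"},
    {"user": "bystander", "text": "Nothing to do with the campaign"},
]

def render_stream_unsafe(tweets):
    """The failure mode described above: tweet text is pasted into the page as markup."""
    return "\n".join(f"<li><b>{t['user']}</b>: {t['text']}</li>"
                     for t in tweets if HASHTAG.search(t["text"]))

def render_stream_safe(tweets):
    """Same stream, but every untrusted field is HTML-escaped on output."""
    items = []
    for t in tweets:
        if not HASHTAG.search(t["text"]):
            continue
        user = html.escape(t["user"], quote=True)
        text = html.escape(t["text"], quote=True)
        items.append(f"<li><b>{user}</b>: {text}</li>")
    return "\n".join(items)

class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def unexpected_tags(rendered, allowed=("li", "b")):
    """Regression check: list any tag in the output that the template did not emit."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    return [t for t in collector.tags if t not in allowed]

if __name__ == "__main__":
    print("unsafe:", unexpected_tags(render_stream_unsafe(TWEETS)))
    print("safe:  ", unexpected_tags(render_stream_safe(TWEETS)))
```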
Social media can go wrong, but learn from the mistakes of others – don’t be put off. Most organisations can benefit from developing a social media strategy, so if you haven’t already included this in your business plan, you may want to have a rethink.