This bank holiday weekend, there were a couple of major stories in the news. On Friday, people all over the world celebrated the royal wedding, then, on Monday, we were told Osama Bin Laden had been killed.

Both events, despite their stark contrasts, had strange parallels. Both sparked outpourings of national pride and flag-waving, and both were seized upon by cybercriminals using ‘SEO poisoning’ tactics to manipulate search results and spread malware.

So what is SEO poisoning exactly?

SEO poisoning refers to a range of techniques used by hackers to get malicious content to appear above legitimate sites in search engine results. In some cases, SEO poisoning is used to generate visits to a specially-built malicious site, but legitimate sites can also be compromised through ‘cross site scripting’ (XSS) – a tool that lets hackers insert client-side script into web pages viewed by other users.

The most common objective of SEO poisoning is to spread ‘scareware’ – users get a message warning them their computer is infected, and are prompted to download a bogus anti-virus program which is in fact a malicious package.

Because of the amount of traffic associated with ‘trending’ news stories, search terms related to those stories have become a favoured target for those behind SEO poisoning attacks. The attacks are usually recognised by search engines quite quickly, but hackers can simply move on to the next big news story, using automated systems to keep an eye on the most popular search terms.

IT Pro Portal reported that Osama Bin Laden’s death “sparked a series of phishing and malware attacks mounted by hackers” and the Naked Security blog reported that many of the image results for searches on the royal wedding were located “within malicious SEO pages” which, if users click through to them, “redirect to a rogue web site.”

What does all this mean for users?

Users should be aware that there’s a chance they’ll come across an SEO poisoning attack if they’re searching a topic that’s recently had intense news coverage. Sites that aren’t well known should be approached with caution, and sites that fill the screen with pop-ups should be avoided completely. Similarly, users should be vigilant about which sites they allow to run dynamic content such as JavaScript or Flash. Anyone using the Internet should have anti-virus and anti-spyware software installed, and operating systems should always be kept up to date. In general, if a site looks dodgy, it probably is!

What does this mean for your organisation?

In order to protect your company website and avoid becoming a vehicle for SEO attacks, it’s vital that web servers are monitored and secured. Whilst some attacks will redirect visitors from your site to a malicious one, there is also a risk that hackers will insert irrelevant keywords or meta data into pages on your site, giving the impression that you are the ones engaged in ‘black-hat’ (unethical) SEO practices. That could lead to Google and other major search engines imposing penalties (downgrading your page rank, for instance).

What does this mean for the future of search?

There is a growing sense that black-hat SEO has become so advanced that the search engines are themselves being undermined. Ultimately, search engines will only continue to prosper as long as they are seen by users as trustworthy organisers of information. That means they will continue finding more sophisticated ways to root-out and penalise the black-hat techniques used by cybercriminals and unscrupulous businesses.