It’s bad enough that malware is virally spread via paid search and social networking links. But now there are more accounts of it being spread via natural search links as well. In a practice called SEO Poisoning fraudsters use Search Engine Optimization (SEO) techniques to mix malware-laden search results with legitimate ones. Many infected URLs are found within the top 10 search results and thus have a higher likelihood of a user clicking through.
Many of these attacks are targeting major product events and popular websites. Just last month for example two attacks (as reported by Websense) targeted the much anticipated Google Wave beta invitation and the Microsoft Securing Essentials (MSE) product launch. Earlier this year the March Madness basketball tournament was also targeted. In these situations fraudsters anticipated that people would be searching on these topics and leveraged black hat SEO techniques (such as keyword stuffing and link farms) to push their malware-linking results to the top of the search engine results page. While Google has automatic scanners for detecting and blacklisting malware sites there remains a window of opportunity for fraudsters to push their results to the top of the results page before being detected and expunged.
What can brand owners do to protect their brand from these attacks? First and foremost brand owners need to remain vigilant on how and where their brand is being used to preserve the trust in their brands especially around major product announcements. Malicious links are now found everywhere in organic and paid search results as well as blogs and micro-blogs so brand owners should take a holistic approach to monitoring for potential abuse across the entire Internet. If malware is detected on Google brand owners can report the suspected malware link via the Google Safe Browsing malware reporting page. Brand owners with search capabilities in their websites can also guard against the tactic described above by filtering out scripts in their search queries before the results are exchanged with the search engines. Finally enterprise anti-malware solutions such as our own provide brand owners with an efficient response for blacklisting and shutting down these sites and retrieving stolen information.”