
Google Search Fails Again: Recent Black Hat SEO Attacks Lead To Malware And Porn


There is no such thing as a flawless electronic system. Computers are hackable, and networks are susceptible to remote compromise. The same goes for search providers. Development slip-ups and security loopholes can undermine the integrity and defenses of these services. All it takes is a competent adversary with enough time and resources at their disposal.


Even Google, which leverages state-of-the-art technologies to thwart adverse manipulation, cannot stop all black hat SEO stratagems in their tracks. To hoodwink the tech giant’s sophisticated algorithms and poison search results with dodgy content, though, malicious actors must think outside the box.

Compromised government and college websites spread malware

Setting up booby-trapped web pages and trying to boost their online presence through shady link building schemes is one of the common black hat SEO strategies. It is a tedious and pricey exercise, though. Instead, some criminals take shortcuts and abuse sites that already have a good reputation.

A campaign like that ended up on security researchers’ radar in early August 2020. Its operators hacked a handful of sites belonging to U.S. government entities, educational institutions, and international nonprofit organizations. The list of victims includes the National Institute of Health, UNESCO, and Arizona State University.

The hacks served as a launchpad for further exploitation. The crooks piggybacked on the unauthorized site access to post articles claiming to provide tips on compromising other people’s social network accounts. For instance, UNESCO.org hosted content about hacking someone’s Instagram account.

Because all these web resources are authoritative and rank high in Google, the fraudulently posted materials quickly reached the top of search results pages (SERPs) for the target keywords. The articles were riddled with links leading to rogue hacking tools. Users were instructed to download a file that would supposedly unlock the actual password-cracking feature.

Instead of doing what it said, though, the link would redirect users to pages hosting online scams that would try to dupe visitors into handing over their personal information. In some scenarios, covert scripts would also install malicious code onto users’ devices. One of the reported payloads is the infamous malware loader called Emotet.

The criminals mostly gained a foothold on targeted sites through known flaws in CMS platforms. One of them is a vulnerability in the Webform module used on numerous Drupal installations.

U.S. government sites redirecting to NSFW content

In late July 2020, security enthusiasts came across a large-scale black hat SEO wave that laced legitimate Google search results with links to pornography sites.

The logic of this abuse revolves around what’s called Open Redirects, also referred to as Unvalidated Redirects and Forwards. In a nutshell, such a flaw allows a criminal to create a rogue URL that appears to belong to a reputable domain name listed in SERPs and therefore instills confidence that the web resource is safe. When clicked, though, it reroutes the user to an unwanted page instead.

A sample structure of such a link is as follows: hxxps://www.legitimatesite.gov/login.html?url=https://malicioussite.com. The only part you will see on Google is the *.gov domain that does not raise any red flags.
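On the site owner's side, the fix is to validate the redirect target before honoring it. The following is an added example, not code from the article or from any of the affected sites: it checks the url parameter from the sample link against an allow-list and flags requests that would send visitors off-site. The allow-list, the parameter names other than url, and the fallback path are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

ALLOWED_HOSTS = {"www.legitimatesite.gov"}   # assumed allow-list for this site
REDIRECT_PARAMS = {"url", "next", "redirect", "return", "dest"}  # assumed names
FALLBACK = "/"                               # where rejected requests land

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for rooted same-site paths or URLs on an allow-listed host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop control characters, so reject both.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:                       # malformed authority, e.g. "http://["
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/path", refuse "//host" and bare words.
        return target.startswith("/") and not target.startswith("//")
    # Absolute or scheme-relative: hostname is what follows any "user@" part.
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts

def resolve_redirect(target):
    """What the login handler should redirect to for a requested target."""
    return target if is_safe_redirect(target) else FALLBACK

def offsite_redirects(request_url, allowed_hosts=ALLOWED_HOSTS):
    """Return (param, value) pairs in request_url that point off-site."""
    query = parse_qs(urlsplit(request_url).query)
    return [(name, value)
            for name, values in query.items() if name.lower() in REDIRECT_PARAMS
            for value in values if not is_safe_redirect(value, allowed_hosts)]

# Constructed sample, built from the article's placeholder link.
SAMPLE = "https://www.legitimatesite.gov/login.html?url=https://malicioussite.com"

if __name__ == "__main__":
    print(offsite_redirects(SAMPLE))
    print(resolve_redirect("https://malicioussite.com"))
    print(resolve_redirect("/account/settings"))
```

Running offsite_redirects over access logs or over the site's own URLs as they appear in search results shows whether a redirect parameter is already being abused.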

The web resources exploited in this plot include sites for the Louisiana State Senate, the Commodity Futures Trading Commission, and the Colorado Department of Higher Education.

At the time of writing, it is not clear how exactly the felons managed to manipulate Google’s crawlers. The only good news is that the landing pages host harmless (yet embarrassing) NSFW materials rather than dangerous malware.

Coronavirus-themed comment spamming

According to the findings of cybersecurity experts at Imperva, many fraudsters are capitalizing on the COVID-19 theme. In an ongoing campaign that took root in February 2020, these gangs have been pumping out huge volumes of spammy content that pushes rogue online drug stores.

To boost the search engine rankings of their shady marketplaces, the con artists use bots or automated scripts that deluge various websites, including popular medical discussion forums, with comments containing links to fake pharmacies. The crooks benefit from this tactic in two ways. First of all, some site visitors get curious, follow the embedded links, and run the risk of getting on the scammers’ hook. Secondly, since these pages contain a plethora of trending keywords that fit the COVID-19 context, Google lists them high in its SERPs.

Summary

Google dominates the global web search ecosystem for a reason: it boasts unparalleled search results accuracy owing to intelligent algorithms at its heart. However, even with top-notch technologies underlying its services, it cannot tackle all present-day black hat SEO challenges.


This article was written by David Balaban from Forbes and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.
