How do you navigate through virtual reality? What is the first webpage you open when you are looking for something online? Where do you go to answer a ‘how to’ question most often? For the majority of users, the answer would be Google.
It’s been 18 years since Stanford PhD students Larry Page and Sergey Brin founded their company and steered it to global dominance in the search engine universe, beating the next 14 largest competitors combined. However, with as many as 1.6 billion visitors each month, it is not only the biggest player in the game, but also one of the most interesting ways for cybercriminals to find future victims.
Black hat SEO
Recently, ESET warned users not to get lured into traps by websites offering fake tickets for the UEFA Euro Championship and the Rio Olympic Games. Despite being malicious and fraudulent, many of these pages ranked at the top of ‘Euro 2016 tickets’ and ‘Rio 2016 tickets’ search queries.
“How is that even possible, with all the security mechanisms in place?” you might ask. The reason is so-called black hat SEO (search engine optimization). The term describes how bad guys take advantage of rules set up by Google to acquire the highest position in search queries.
There are multiple ways to exploit the rules. One of the most sophisticated methods, dubbed ‘cloaking’, displays one type of content and/or URL to the user, and a different set to the search engine crawler – thus the ranking scores higher but leads users to irrelevant pages.
Another way to gain more attention during a web search is to notify the servers of new content, several times per minute. This creates the illusion that new things are being posted there often, helping the pages rise in the rankings.
However, not all scammers are opting for such complicated methods. Much simpler are link farms – multiple pages with mostly low quality content controlled by scammers, linking to each other in an attempt to improve their visibility in search. Stuffing websites with keywords, although the content is not related to them, is also considered a black hat SEO technique.
What all these malevolent practices have in common are the end goals – to phish victims’ sensitive information or serve them malicious content such as ransomware, banking trojans or spyware. In an effort to plant malware onto victims’ computers, the bad guys often use exploit kits.
Do you still run Flash, use an old version of Internet Explorer, or any outdated and un-patched applications? Just by visiting an infected page, your computer can be scanned for vulnerabilities by the exploit kit and misuse these loopholes to get access to your device. No additional clicks or permissions needed.
Remember this next time you are Googling and clicking the first link that comes up. Without proper multilayered protection – through security software – your machine can end up infected, your sensitive information stolen, or even worse all of your data encrypted.
by Ondrej Kubovic, ESET We Live Security