Real-world events occasionally generate a massive number of online searches. Japan's recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the world's attention to Google. And as topics trend in Google's search results, Search Engine Optimization (SEO) attacks are attempted. Our March 11th post urged caution while searching for information.
The post also noted that Google has been doing a pretty good job of keeping SEO attacks at bay and filtered out of their search results. Web results that is…
Since October of last year, we've seen a steady growth in image based SEO attacks. Because Google is winning the (cat and mouse) battle against malicious site SEO, some attackers have shifted to image searches. Image based SEO attacks are more of a technical challenge. Instead of following trends and then connecting to a hosted attack site, the attacker must instead connect a trending topic to a particular image, and then link that image to a compromised site, which then links to the attacker's site.
It's a fascinating evolution that our Threat Insights team has been investigating.
But we'll provide more details about that in a future post.
Today, we want to mention what's likely to be a heavily searched for image tomorrow, Kate Middleton's wedding dress.
We're already seeing some "royal wedding coverage" SEO attacks.
Here's an example which includes some well known footballers in the results:
The image is called "0611-soccer-studs1-credit.jpg" is linked to "lingerie-now.com".
Google's preview is loaded in the front, while the host site is loaded in the background.
What happens next is that the background site is linked to the attack site, which takes over the page and displays a warning message, an attempted scareware attack.
You can see the linkages here:
The site then renders an animated "Online Scan":
All of the results are nonsense of course, this example is from a clean test machine:
Unfortunately, SEO driven scareware attacks are very successful, relatively speaking. Consumers have been scammed out of millions of dollars by this type of attack.
So be wary of this potential threat if you're among those searching for wedding pictures.
Goggle's Web search result for "royal wedding" places the couple's official site at the top of the page.
And here's another timely example of an image based SEO attack targeting those that searched for US President Barak Obama's birth certificate, which was released by the White House yesterday, from GFI Labs' Christopher Boyd.