
The Case of the Search Engine Poisoning

Search Engine Poisoning (SEP): An attack that abuses search engines' ranking algorithms to promote a hacker-controlled website that contains malware.

Follow us as we retrace the steps of a SEP from start to finish:

1. Attacker sets up server that delivers malware upon popular request
2. Hacker obtains list of popular URLs vulnerable to XSS (usually through "Google Hacking")
3. Attacker modifies URLs to include popular keywords ("Lady Gaga") and XSS code
4. Attacker posts newly crafted URLs to hundreds of webpages that accept user-generated content (e.g. comment boxes, forums, reviews)
5. Search engine bots index newly crafted URLs, giving them a high ranking when associated with the popular keyword
6. Victim searches for the popular search term, clicks on the affected URL and is redirected to the attacker-controlled site
7. Victim becomes infected with malware and the attacker takes control of the machine

Learn more about SEP at blog.imperva.com (Imperva)
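A defensive check for step 4, added here as an example and not part of Imperva's infographic: a site that accepts user-generated content can hold back submissions containing links whose query string or fragment decodes to markup. The function names, the marker list and the sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Links inside user-submitted text (comment box, forum post, review).
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Assumed marker set: HTML tags or a javascript: scheme inside a parameter value.
MARKUP_RE = re.compile(
    r"<\s*/?\s*(script|iframe|img|svg|object|embed)\b|javascript\s*:",
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_links(text):
    """Return (url, field, decoded_value) for every link in `text` whose
    query parameters or fragment decode to markup."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed host, e.g. unbalanced IPv6 brackets
            continue
        fields = parse_qsl(parts.query, keep_blank_values=True)
        fields.append(("#fragment", parts.fragment))
        for name, value in fields:
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                findings.append((url, name, decoded))
    return findings

# Constructed sample submissions; hosts and payload placeholders are made up.
SAMPLE_COMMENTS = [
    "Great article! More at https://blog.example.org/post?id=42",
    "lady gaga http://shop.example.com/search?q=lady+gaga%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E",
    "see http://news.example.net/find?term=lady%2520gaga%253Ciframe%2520src%253DPLACEHOLDER%253E",
]

if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        for url, field, value in suspicious_links(comment):
            print(f"hold for review: {field}={value!r} in {url}")
```

A hit is a reason to queue the submission for moderation, not proof of an attack; the same scan can be run over stored comments to find links posted before the check existed.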

shared by lewispr on Jul 25
Imperva released a report on search engine poisoning. Search Engine Poisoning attacks manipulate, or “poison”, search engines to display search results that contain references to malware-delive...

Publisher

Imperva

Designer

LEWIS Pulse

Source

Unknown

Category

Technology