Donald DeBolt CA - HCL
Kiran Bandla CA - HCL
download slides (PDF)
More than 90% of today's malware is spread via the Internet. Spam continues to be a primary distribution method for malware. Yet to avoid the added defences of anti-spam controls, the malware community has turned to search engines in an attempt to get in front of the widest audience possible. Search Engine Optimization (SEO) is a well documented practice and now we see the malware community has taken SEO to a whole new level. Known as blackhat SEO, websites are compromised en masse, carefully selected content is added, later to be indexed by a search engine. Practically any keyword search performed is susceptible to manipulation by blackhat SEO techniques. Yet, to be the most effective, Google Trends keywords are being targeted programmatically to ensure a constant stream of potential victims.
In this paper, we discuss the technical details behind such attacks. Specifically, we explain the logic flow of this attack, how Google Trends keywords are abused, identify the technologies exploited, and share statistics gathered during our research.