Blackhat SEO: abusing Google Trends to serve malware

Donald DeBolt CA - HCL
Kiran Bandla CA - HCL

  download slides (PDF)

More than 90% of today's malware is spread via the Internet. Spam continues to be a primary distribution method for malware. Yet to avoid the added defences of anti-spam controls, the malware community has turned to search engines in an attempt to get in front of the widest audience possible. Search Engine Optimization (SEO) is a well documented practice and now we see the malware community has taken SEO to a whole new level. Known as blackhat SEO, websites are compromised en masse, carefully selected content is added, later to be indexed by a search engine. Practically any keyword search performed is susceptible to manipulation by blackhat SEO techniques. Yet, to be the most effective, Google Trends keywords are being targeted programmatically to ensure a constant stream of potential victims.

In this paper, we discuss the technical details behind such attacks. Specifically, we explain the logic flow of this attack, how Google Trends keywords are abused, identify the technologies exploited, and share statistics gathered during our research.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.