
Cyber Criminals Exploit Google PageRank System for Profit

Avast Software : 22 February, 2010  (Technical Article)
Hijacked websites are appearing with high page ranks on Google, according to ALWIL Software, after crimeware gangs found ways to cheat the system.
Malware gangs have infiltrated the Google PageRank system through a sophisticated network of hijacked and redirector websites.

avast! researchers have uncovered a network that serves up hundreds of fake links through hijacked websites to massively cheat the Google search algorithms. These inflate the position of gang-controlled sites within the Google PageRank system.

By positioning themselves among the top search results, these organized gangs are successfully pushing products such as fake antivirus software to consumers and stealing sensitive user data. The American FBI estimated in late 2009 that fake antivirus alone is a 150 million USD industry.

Getting infected results is as simple as entering "Bill Clinton" in the Google search bar. Clicking on the offered link can result in a fake antivirus program being installed on the unsuspecting web surfer's computer.

"These guys had targeted keywords out on Bill Clinton within hours of the former president's heart operation. They have an extremely sophisticated understanding of search engine optimization (SEO)," said Jindrich Kubec, avast! director of antivirus research.

"This criminal operation has four units: consumer-facing hijacked sites, SEO maximizing network, redirector sites, and the final malware domains. This is how it works:

1. When consumers search on Google with the targeted keywords, the results can include around one hundred legitimate but hijacked websites. While they look respectable, they are actually fronts, redirecting users into the malware network only after the user clicks on the link from Google. With the SEO unit already poisoning the data, there is a high probability that search results are skewed in their favor.

2. The SEO maximizing unit uses a separate network of hacked legitimate sites to get higher Google PageRank positions. Hacked sites are stuffed with invisible link-filled content; each can have more than 500 unique links bundled with popular keywords. This content is visible only to indexing search engine bots and is hidden from users and from direct page source inspection. We found around 70 such sites during our initial research, but I believe the total number is significantly higher.

3. Intermediaries connect the infected Google queries with domains serving up the malware and fraudulent products. These intermediaries are also legitimate sites that have been hijacked. With this specific network, we found three: a Polish site, a hacked German football club and an additional one that was later removed because we actively blocked it.

4. The fourth unit controls the malware domains holding the fraudulent products. This is where you get all those fancy colored warnings and, finally, the binary download of the fake AV application. But, it's important to realize that the specific malware depends on the objective of the gang and can be changed according to their business objectives."
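A check a site owner can run against their own pages for the two behaviours described above (link content served only to crawlers, and a redirect served only to visitors arriving from a search result), as an added example that is not Avast's tooling. The function names, the three profile names, the link threshold and all hosts and responses are constructed for illustration; in practice the three responses would be captured by fetching the same URL with different User-Agent and Referer headers.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Links(HTMLParser):
    """Collects the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.add(href)

def extract_links(html):
    parser = _Links()
    parser.feed(html)
    return parser.hrefs

def check_cloaking(site_host, responses, link_threshold=50):
    """responses maps a profile name to (status, headers, body) for ONE url:
    'direct'      = browser User-Agent, no Referer
    'crawler'     = search-bot User-Agent
    'from_search' = browser User-Agent with a search-engine Referer
    link_threshold is an assumed tuning value, not a figure from the article."""
    findings = []
    # Links present only in the copy served to the crawler.
    bot_only = extract_links(responses["crawler"][2]) - extract_links(responses["direct"][2])
    if len(bot_only) >= link_threshold:
        findings.append(("crawler_only_links", len(bot_only)))
    # Off-site redirect that appears only when arriving from a search result.
    status, headers, _ = responses["from_search"]
    target = urlparse(headers.get("Location", "")).hostname
    if (status in (301, 302, 303, 307) and responses["direct"][0] == 200
            and target and target != site_host):
        findings.append(("referrer_conditional_redirect", target))
    return findings

# Constructed sample responses for a hypothetical site club.example.
PAGE = "<html><body><a href='/fixtures'>Fixtures</a></body></html>"
STUFFED = PAGE.replace("</body>", "".join(
    f"<a href='http://spam.example/k{i}'>keyword {i}</a>" for i in range(500)) + "</body>")
SAMPLE = {"direct": (200, {}, PAGE),
          "crawler": (200, {}, STUFFED),
          "from_search": (302, {"Location": "http://redirector.example/in.php"}, "")}
CLEAN = {name: (200, {}, PAGE) for name in SAMPLE}

if __name__ == "__main__":
    print(check_cloaking("club.example", SAMPLE))
    print(check_cloaking("club.example", CLEAN))
```

Because the injected content is hidden from ordinary visitors, comparing the three views is what exposes it; viewing the page in a normal browser shows only the direct copy.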

Effective protection requires both smart individual behavior from consumers and an effective antivirus program installed.

"You don't give out your bank card PIN number to a stranger, you shouldn't click yes on an aggressive pop-up. When in doubt, don't click. Our avast! users are protected as we block out infected and hijacked sites to keep them from unintentionally downloading anything from suspect sites. This is an integral part of all avast! free and paid programs. With 100 million avast! users out surfing the internet, we have a good idea where the bad stuff is," explained Mr. Kubec.

avast! is working to remove infected links from the internet, but the results have been limited so far.

"Our focus is on protecting our end users because this is where we have clear results. In the ideal world, we would work with Google to adapt their search algorithms to find and remove the infected sites. Also, we do try to contact individual administrators, but this is a very time-consuming process," he added.

* Fake AV is a $150 million business
* Over 2,200 Google keywords manipulated by malware gangs
* 100 hacked sites seen by web surfers
* 70 hacked sites inflate search results with over 500 unique links each.