System security experts need to keep up with what the black hatters are doing. Susan Kuchinskas reports on the leading threat.
Just as SQL attacks inject malicious code into databases, link farms "inject" malware into search engine results, according to Chris Larsen, malware research team lead for Blue Coat Systems. And the problem isn't going away.
Speaking at the RSA Conference in San Francisco today, Larsen said that search engine poisoning is easy to do and hard for search engines to detect.
"If the bad guys have something that works well and they do a lot of it, it behooves us good guys to understand it, so we can do something about it," he told the conference audience. In its summer and winter 2011 reports, Blue Coat found that 40 percent of the attacks it tracks began in search -- more than any other vector.
Search engine poisoning aims to lead innocent searchers to malware or scam destinations. First, black hats create link farms -- sites consisting of thousands of links to bogus pages. Then, they use bots to spam the web with links to the bogus sites by making nonsense comments on blogs and in forums. Larsen showed a screen grab from a forum discussion consisting of computer-generated usernames replying to each other with strings of links.
"To the search engine, that says this is an exciting story and people are involved," Larsen said. So, the engines rank the pages highly, allowing them to float up to the top of search results.
Read the rest about search engine poisoning at eSecurity Planet.