In this week’s report on the MacDefender fake antivirus program, we mentioned how this fake antivirus is delivered to users by way of SEO poisoning techniques. In an article on Krebs on Security, journalist Brian Krebs gives some detailed information on how SEO poisoning works, and why it works so well.
One of the main targets of SEO poisoning is Google Image search. In part this is because it is harder to get a full web page to appear high in Google’s search results than it is to get images high in the list. Once a user clicks on a thumbnail in the Google Image search results, this sets off the malicious code that can lead to malware being delivered (or, potentially, other types of attacks).
Russian malware researcher Denis Sinegubko goes much deeper into the techniques used in this SEO poisoning, and says:
“I would call this the most efficient and easy to implement black hat SEO trick to drive search traffic to a site. And you don’t actually need to hack someone else’s sites — you can implement this on your own site with similar results.”
These new techniques of SEO poisoning allow malicious users to serve malware easily via Google Image searches. Users need to be very careful about anything that downloads following a search. If you see an unexpected download, delete it.