searchengine1Search engine optimised attacks are an interesting, if not unexpected development. We all spend most of our days, tapping words and phrases into search engines. The results come back, we select a URL that looks interesting and off we go. What could be simpler and potentially, more dangerous.

Fraudsters are compromising legitimate pages, inserting code that redirects visitors to the Web sites of fake products and services, and then using search-engine optimization (SEO) techniques to attract victims. They do this by embedding the compromised pages with lists of popular search terms, so as to push the compromised URLs further up the search rankings. VNU Net report that the providers of a questionable affiliate service garnered more than $10,000 a day over a 16 day period. Not a bad return.

This raises the game on all of us. From our standpoint at Symantec, we have long contended that the job we now have to do, in addition to everything else, is to help guide our customers safely around the internet. We have just announced Norton Safe Web.  What this does is address the issue of search engine optimised attacks head on. Using Norton Safe Web, we mark-up all of the URLs returned from a search and using a traffic-light metaphor, directing people to known good sites (sites that are not hosting malware) and away from the bad sites.  It is no small undertaking, we in effect have to crawl and analyse the internet to establish these listings. We need to do this continually, to keep the ratings ‘fresh’ and usable. We have also added a further dimension. For eCommerce sites, we do a fuller analysis as to the reputation and trustworthiness of these sites. More information on Norton Safe Web can be found here.

March 24, 2009 | Filed Under Security 

comments

Leave a Reply