Jul 11, 2011 13:43 GMT

Microsoft has suspended the search capability on its Safety & Security Center website after it was discovered that cyber crooks poisoned the results with malicious links.

Search result poisoning, technically known as black hat search engine optimization (BHSEO), is a common method used to distribute malware or promote spam sites.

The technique involves compromising legitimate websites and creating pages under their domain that are filled with popular search keywords.

Attackers then use other hacked websites to link back to the pages, thereby increasing their search result standing for the targeted terms.

But, while the pages appear to have content to search engine crawlers, they are designed to redirect real visitors to malicious websites.
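Site owners can check for this crawler-versus-visitor split by comparing what the same URL returns to each. The sketch below is an added example, not part of the original article or any vendor's tooling; the response dictionaries, the `.example` hostnames and the function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed responses for one URL on a hypothetical compromised site:
# what a crawler receives versus what a visitor arriving from search receives.
PAGE = "http://compromised.example/videos/popular-keyword.html"
CRAWLER_VIEW = {"status": 200, "headers": {},
                "body": "<html><body>" + "popular keyword video " * 50 + "</body></html>"}
VISITOR_VIEW = {"status": 302, "headers": {"Location": "http://malicious.example/codec"},
                "body": ""}
VISITOR_META = {"status": 200, "headers": {},
                "body": '<meta http-equiv="refresh" content="0; url=http://malicious.example/codec">'}

META_REFRESH = re.compile(
    r"<meta[^>]+http-equiv=[\"']?refresh[\"']?[^>]*url=([^\"'>\s]+)", re.I)


def redirect_target(resp, page_url):
    """Return the absolute URL the response sends the client to, or None."""
    if resp["status"] in (301, 302, 303, 307, 308):
        location = resp["headers"].get("Location")
        if location:
            return urljoin(page_url, location)
    match = META_REFRESH.search(resp["body"])
    return urljoin(page_url, match.group(1)) if match else None


def check_cloaking(page_url, crawler_resp, visitor_resp):
    """Return the off-site host visitors are sent to when crawlers are not, else None."""
    crawler_target = redirect_target(crawler_resp, page_url)
    visitor_target = redirect_target(visitor_resp, page_url)
    if visitor_target is None or visitor_target == crawler_target:
        return None  # both views behave the same: no cloaking signal
    target_host = urlparse(visitor_target).hostname
    if target_host == urlparse(page_url).hostname:
        return None  # same-site redirect, e.g. a canonical URL
    return target_host


if __name__ == "__main__":
    for name, view in (("http-302", VISITOR_VIEW), ("meta-refresh", VISITOR_META)):
        print(name, "->", check_cloaking(PAGE, CRAWLER_VIEW, view))
```

Redirects performed by script after the page loads are not covered by this check and need a rendered comparison instead.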

According to Alex Eckelberry, the general manager of security software at GFI, the BHSEO campaign on Microsoft's Safety & Security Center website is a bit different.

It appears that cyber criminals have managed to create search results that point to other search results. "In other words, blackhat SEOs are seeding illegitimate search results within the Microsoft search results. Pretty tricky and impressive," the security expert notes.

"There are a number of ways this could be done (for example, using the ability on the site to Twitter a search result)," he explains.

The rogue search results on Microsoft's Security Center predominantly led to malicious adult sites which asked users to download special codecs in order to play videos. This is an old trick used by malware distributors, and in this case the codec was a piece of adware called Zugo, which works as a rebranded Bing toolbar.

"It's a rather poetic twist of irony (unrelated to the search story here), that Zugo is a Microsoft Bing partner," Eckelberry concludes. At the time of writing this article, the Microsoft Security Center website no longer had a search box and the company was probably cleaning up the damage.