Sophisticated networks use compromised websites to game search engines into ranking malware-infected sites

Feb 19, 2010 16:34 GMT  ·  By

There's a constant battle between search engines and webmasters. Website owners want to rank as high as possible, and do so with various SEO practices, while search engines want to provide users with the most relevant results. This conflict of interest can sometimes lead to shady behavior and 'frowned upon' tactics from the webmasters, but generally things are pretty benign. There is, however, a darker side to SEO, when malware pushers get involved.

The practice isn't anything new and has been used by all sorts of nefarious groups for a while now, as security software maker Avast has also found. Research by the company's security experts has uncovered a network of hijacked sites used to game Google's search algorithm with the aim of pushing fake antivirus software. With hundreds of compromised websites under their control, these groups can artificially bolster the ranking of another site or sites infested with malware.

Popular targets are celebrities and all sorts of fast-spreading news. Time and time again, these events have been exploited by malware and scareware vendors for their own agenda. “These guys had targeted keywords out on Bill Clinton within hours of the former president’s heart operation. They have an extremely sophisticated understanding of search engine optimization (SEO),” Jindrich Kubec, Avast director of antivirus research, said.

The setup discovered by Avast is a typical one for this type of operation. One network of sites is used to pollute the regular search results for the particular keywords that the groups target. These are legitimate sites whose owners may not even know they have been compromised by hackers. When users land on one of these sites, coming from the Google search results page, they are redirected to the pages holding the fake antivirus software.

A separate network of sites, also under the control of the groups, is used to game the search algorithms to push up the ranking of the first group of sites. For all its sophistication, though, the scheme still relies in the end on the users themselves clicking on the fake warnings and installing the infected software. Still, having a decent antivirus and security software doesn't hurt.
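Because the redirect described above only fires for visitors arriving from search results, a site owner browsing their own pages directly may never see it. The following is an added example, not from Avast or the original article: a check a webmaster can run against their own site that compares a direct request with one carrying a search-engine referrer. It assumes the redirect is an HTTP 3xx keyed on the `Referer` header, which the article does not specify; the referrer value and function names are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed referrer value imitating a click from a search results page.
SEARCH_REFERER = "https://www.google.com/search?q=example"
REDIRECT_CODES = (301, 302, 303, 307, 308)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it


def fetch(url, referer=None):
    """Return (status, Location header or None) without following redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def referer_conditional_redirect(url, fetch=fetch):
    """Return the off-site redirect target seen only by search visitors, else None."""
    _, direct_loc = fetch(url, None)
    search_status, search_loc = fetch(url, SEARCH_REFERER)
    if search_status not in REDIRECT_CODES or not search_loc:
        return None
    target = urljoin(url, search_loc)
    direct_target = urljoin(url, direct_loc) if direct_loc else None
    offsite = urlsplit(target).hostname != urlsplit(url).hostname
    # Suspicious only if search visitors are sent somewhere direct visitors are not.
    if offsite and target != direct_target:
        return target
    return None


if __name__ == "__main__":
    import sys
    for page in sys.argv[1:]:  # pass URLs of pages on your own site
        hit = referer_conditional_redirect(page)
        print(page, "->", hit or "no referrer-conditional redirect seen")
```

A clean result does not rule out a compromise: a redirect done in JavaScript, or one keyed on the user agent, cookies or source IP, will not show up in this comparison.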