Careless users searching Google for Java JRE, MSN 7 and Windows 8 got more than they were looking for

Oct 23, 2015 16:01 GMT  ·  By
Users clicking poisoned Google search results where being redirected to pages where they could have downloaded malware-infected software
2 photos
   Users clicking poisoned Google search results where being redirected to pages where they could have downloaded malware-infected software

Cyber-security vendor Heimdal Security is reporting on a black hat SEO campaign that's being used to poison Google search results with URLs that lead to malware-infested Web pages.

In layman terms, black hat SEO is a collection of techniques used by webmasters to optimize their sites primarily for search engines with the sole purpose of boosting their site's position in search results, sometimes to the detriment of the content and experience users get while navigating the site.

Black hat SEO techniques are usually frowned upon, and websites caught using them are penalized by search engines.

While most of the times website owners agree to use them for the purpose of boosting their business' visibility on Google's search results and its famed "first page," these techniques are sometimes used by malicious parties as well.

In a recent campaign across which Heimdal Security stumbled upon, cyber-crooks were using black hat SEO tricks to boost the search engine ranking of Web pages specifically crafted for spreading malware.

The campaign targeted technical users searching for Java, Windows, and MSN

Whenever users would be typing terms like Java JRE, MSN 7 or Windows 8, the first links that would appear at the top of Google's search results would be the ones carrying malware (image below).

Anyone accessing these pages would be in serious danger of getting infected with all sorts of "goodies," either by downloading malicious software on their computers, automatically entering redirection loops and eventually landing on pages serving an exploit kit, or being shown scareware and then tricked into paying for unneeded services or software.

The potential for abuse is limitless, Google's popularity providing the perfect medium for spreading any type of malicious content, operations like these being much simpler and cheaper to setup when compared to complicated spam campaigns.

This is not the first time black hat SEO has been used to spread malware, SophosLabs reporting this July on a search results poisoning trick that involved PDF files.

Photo Gallery (2 Images)

Users clicking poisoned Google search results where being redirected to pages where they could have downloaded malware-infected software
Poisoned Google search results
Open gallery