A malicious SEO poisoning attack, also known as a Blackhat SEO attack, occurs when hackers manipulate search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites.

SEO poisoning can be used to drive traffic to an intentionally created malicious site, or it can take advantage of existing and popular Web properties by using cross site scripting (XSS) on a legitimate site. One common SEO poisoning method used today is to take already existing Web pages where a file has been uploaded to redirect the user to a malicious site. As the site is known and has often been around for years, it appears legitimate when it comes up at the top of the search results. The cybercriminals exploit the input and display vulnerability on these sites. This malicious site could be anything from advertising cut price Viagra or offering to ‘scan’ your computer for malware for example.

By targeting the top Google searches, hackers are able to drive traffic to sites using highly popular search terms. The average number of malicious sites in any Google search using hot/trending topics (as ranked by Google), by the end of last year (2009), stood at 13.7% for the top 100 results. This means that for every 100 results – around 14 of the links suggested to you may be to a malicious site and not what you were searching for at all.

SEO poisoning attacks are successful because they move in quickly and move on just as fast. As soon as a malicious campaign is recognized and removed from search results, the attackers can automatically redirect their botnets to a new, timely search term.

In my time I have come across 2 examples of Black Hat SEO and in both occasions, the website owner was days away for being black-listed by Google. As both website owners ran their respective businesses online, this could have meant a complete loss of business for 6 months.

Be VERY careful when finding cheap SEO companies out there offering ridiculous promises such as ‘top of Google’ for £100pcm. They may well perform miracles initially, but can cause your site could irreparable damage. If you need advice, please get in touch with me via my website.


