430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Sophos discovered new tricks to poison Google Search engine

Hackers are using a new search engine poisoning method to circumvent Google’s page ranking-algorithms, the technique relies on PDF documents. Researchers from Sophos discovered the new search poisoning method used to circumvent cloaking-detection mechanisms implemented by Google. The experts found hundreds of thousands of unique PDF documents per day implementing the poisoning technique. The term cloaking indicates the […]

Sophos discovered new tricks to poison Google Search engine

Hackers are using a new search engine poisoning method to circumvent Google’s page ranking-algorithms, the technique relies on PDF documents.

Researchers from Sophos discovered the new search poisoning method used to circumvent cloaking-detection mechanisms implemented by Google. The experts found hundreds of thousands of unique PDF documents per day implementing the poisoning technique.

The term cloaking indicates the practice to deceive Google’s page indexer, basically the various methods are designed to serve the web crawler (Googlebot) with content that is crafted to mislead Google into considering a site relevant for the researchers on specific terms.

Despite Google continually refine its search algorithms, experts try to optimize their websites to obtain high rankings. Black Hat Search Engine Optimization (SEO) is the techniques the criminals and hackers use to rapidly increase the ranking of their domain before the search engine will ban them. Black Hat SEO motivations are always financial, hackers operate to earn from the traffic they redirect to a specific domain that could be used for several illegal activities, including the spreading of malware.

Google implements numerous countermeasures against this practice to make it harder to cloak sites, but bad actors in the wild have started to use phony PDFs.

Basically, Google seems to trust more PDF that common HTML page, trusting the links the PDF files contain and the keywords used in their composition.

“As far as we can tell, Google’s cloaking-detection algorithms, which aim to spot web pages that have been artificially (and unrealistically) loaded with keywords, aren’t quite so strict when the bogus content is supplied in a document. It seems that Google implicitly trusts PDFs more than HTML, in the same way that it trusts links on .edu and .gov sites more than those on commercial web pages,” wrote Dmitry Samosseiko, director of global threat research for Sophos.

poisoned search engine google

Attackers are using this method to manipulate Google page ranking, the PDF documents in this way receive a high search ranking and are used to redirect users clicking into the PDF to a different site used for several malicious purposes (i.e. to serve a malware, for phishing campaigns, etc.).

“A document that looks legitimate at first glance turns into complete nonsense when you start reading it. Also, you can clearly see the hyperlinks placed throughout the document. Those are the links that, when followed, expose the whole link farm to the Googlebot.”

“We suspect that this technique could be used for a variety of purposes, including the distribution of malware,” Samosseiko says. “So far, however, we have only seen it in a marketing campaign to promote so-called ‘binary trading’ broker services.”

Sophos reported the illegal practice to Google and they expect a prompt action of the company to prevent further abuses.

“We trust that the necessary measures are being taken to counter these search result poisoning attempts,” Samosseiko added.

 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Google, search engine)

[adrotate banner=”5″]

[adrotate banner=”13″]