Search Engine Poisoning: One More Thing To Worry About

A report from the security firm Blue Coat Systems identifies a rising threat to computer users in the enterprise and in the home: Search Engine Poisoning (SEP), in which Web pages delivering a malware payload are made to look like legitimate pages and include keywords that would cause them to come up in search results. At the same time, Blue Coat's mid-year security report identifies the rising threat of malware delivery networks (MDNs) that are growing in size by swallowing up smaller MDNs.

Although SEP has been around for a while as an attack method, it is now the number one emerging threat online, according to the Blue Coat report. Search engine-delivered malware is as much of a concern to enterprise workers as it is to consumers because workers often legitimately use search in the course of their work, said Tom Clare, senior director of security product marketing for Blue Coat.

SEP works like this: distributors of malware maintain large "link farms" where they create malicious links that represent all sorts of things people would search for online. Clare gave the example of Keen Footwear, a brand of hiking shoes. If someone searches for that brand in a search engine, as many as half of the top 10 results could be links to malware. SEP is particularly devious in that it doesn't actually have to infect the Web site of Keen Footwear but can still trick end users.

"When you click on that site it sees that you're coming from a search engine and because you came from a search engine with the query string 'looking for Keen shoes' at that compromised site, it then forwards you into the malware delivery network," Clare said. SEP doesn't attack users who go directly to a site.

Cyber criminals who use search engine poisoning look for URLs that are vulnerable to cross-site scripting (XSS), a weakness in Web applications that enables attackers to inject malicious code, said Scott Crawford, managing research director at Enterprise Management Associates.

"They may look like they are going to a legitimate site but they are taking advantage of the site's vulnerability to cross-site scripting to redirect the user to a malicious Web site," Crawford said. "[SEP] has been around a while but is rising in use because ... it enables attackers to use oftentimes highly rated or legitimate Web sites as part of an attack."
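A defender can look for the behaviour Clare describes, a site that redirects search-referred visitors but not direct ones, in web proxy logs. The sketch below is an added example, not code from the Blue Coat report; the record layout, host names and search-engine list are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed search-engine names, matched against referrer host labels.
SEARCH_NAMES = {"google", "bing", "yahoo", "duckduckgo"}

# Constructed proxy records: (destination host, Referer, status, Location).
SAMPLE_LOG = [
    ("shoes-reviews.example", "https://www.google.com/search?q=keen+shoes",
     302, "http://gateway.example/in"),
    ("shoes-reviews.example", "", 200, ""),
    ("shoes-reviews.example", "https://www.bing.com/search?q=hiking+shoes",
     302, "http://gateway.example/in"),
    ("news.example", "https://www.google.com/search?q=news",
     301, "https://www.news.example/"),
    ("news.example", "", 301, "https://www.news.example/"),
    ("blog.example", "https://www.google.com/search?q=recipes",
     302, "http://elsewhere.example/landing"),
]

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def from_search(referer):
    return any(label in SEARCH_NAMES for label in host_of(referer).split("."))

def same_site(a, b):
    # Equal hosts, or one is a subdomain of the other (www. canonicalisation).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def classify(records):
    seen = defaultdict(lambda: {"search": [], "other": []})
    for dest, referer, status, location in records:
        target = host_of(location)  # empty for relative or missing Location
        offsite = 300 <= status < 400 and target != "" and not same_site(dest, target)
        seen[dest]["search" if from_search(referer) else "other"].append(offsite)
    verdicts = {}
    for dest, hits in seen.items():
        if not any(hits["search"]):
            verdicts[dest] = "ok"
        elif not hits["other"]:
            verdicts[dest] = "needs direct-visit comparison"
        elif any(hits["other"]):
            verdicts[dest] = "redirects all visitors off-site"
        else:
            verdicts[dest] = "referrer-conditional redirect"
    return verdicts

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE_LOG).items():
        print(f"{host}: {verdict}")
```

A host seen only through search referrals is reported as needing a direct-visit comparison, because the pattern is only established once a request without a search referrer gets a different answer.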
