Blog

Cyber Crime – Google Search Engine Result Poisoning

Posted on by Darragh Reynolds
Google Search Engine Poisoning
10
Nov

Introduction

Google search engine result poisoning is a type of cyber attack in which attackers exploit Google’s search engine algorithms to manipulate search results and drive traffic to malicious websites.

In this blog post, we will discuss how attackers are using this technique to abuse HTTP 301 and HTTP 302 redirects to poison search results and direct users to malicious sites. We will also provide a step-by-step overview of how the attack works and how to protect yourself from it.

How the attack works

The attack begins with the attacker compromising a legitimate website. Once the website is compromised, the attacker installs malicious code that scrapes data from other websites and creates new pages to display the scraped data to Google’s search engine. The attacker then submits these new pages for indexing so that they get listed in Google search results.

When a user searches for a specific keyword, the attacker’s pages may appear at the top of the search results. If the user clicks on one of these pages, they will be redirected to a malicious website.

To avoid detection, the attacker uses HTTP 301 and HTTP 302 redirects. HTTP 301 redirects are permanent redirects, while HTTP 302 redirects are temporary redirects. When a user clicks on a link that uses an HTTP 301 redirect, they are permanently redirected to the new URL. When users click on a link that uses an HTTP 302 redirect, they are temporarily redirected to the new URL.

The attacker uses HTTP 302 redirects to avoid detection by search engines. When a search engine visits the attacker’s page, it is redirected to Google. This is because the attacker’s page uses an HTTP 302 redirect to Google. Since Google is a whitelisted website, the search engine does not flag the attacker’s page as malicious.

However, when a user clicks on the link from Google search results, they are redirected to the malicious website. This is because the attacker’s page uses an HTTP 301 redirect to the malicious website.

Example:

Example Search engine poisoning 1

This site does appear to have been compromised, and it is now playing host to a multitude of subdomains.

Example Search engine poisoning 2

How to protect yourself

To protect yourself from Google search engine result poisoning, you can take the following steps:

  • Be careful about clicking on links in Google search results.
  • Look for URLs that are machine-generated (i.e. random characters like examples show).
  • Use a security solution that can scan websites for malicious content.
  • Web filtering solution may help (i.e. the solution sandboxes the websites before serving them to the user).

If you believe that you may have visited a malicious site, you should immediately scan your computer for malware. You should also report the website to Google.

View Full “Google Search Engine Poisoning” Walkthrough.