This strategy begins with the creation of a website which targets a specific keyword or phrase with high search volume. The chances of ranking for this keyword are boosted with the use of link pyramids and private blog networks. The end result is a website that appears to be legitimate at first glance, and one that is recklessly indexed by reputable search engines.
High-ranking search results on Google, Bing, Yahoo and other popular search engines attract everyday users. These are the primary targets of SEO poisoning strategies. If some person or thing clicks on the malicious search result, an algorithm is in place to distinguish between people and crawlers (also known as bots) so that the attacker can take action.
This is usually in the form of redirection, where users are routed through several domains of compromised websites. Each redirection puts the user’s security at risk, as holes are actively scouted so that viruses and other malicious programs can be served to their device. On the surface it may appear that a page is being loaded, but in reality a compromise is taking effect. Either the user’s information is being stolen, or their computer is being bombarded with a string of attacks.
When SEO Poisoning targets Unsecured Websites and Applications
SEO poisoning is as much a threat to websites as it is to users. In essence, it isn’t much different from the manipulative strategies used in online business when vying for top search positions. There are billions of websites on the World Wide Web and the competition of being discovered is fierce. There are some webmasters who’d rather abuse the system than to invest their time, energy and/or money into ranking their website the ethical way. This alone qualifies as malicious intent.
But the fact that some webmasters actually seek to topple competing websites makes SEO poisoning an increasing threat. It’s actually easy to do—particularly when targeting those sites which rank high but have little emphasis on security. In these scenarios, the first symptom of SEO poisoning is a sudden drop in search rankings. If that page or site has ranked well for many years, it is possible that a hacker or malicious code is behind its change in performance.
Cleaning the site’s infected files does not always correct the issue. Many times the entire website must be wiped and restored from backup copies. But this is only half the battle, as the attack could reoccur if you fail to determine its point of entry. Whether by exploit or retrieval of user information, webmasters must ensure that default credentials are never used, and that users regularly update their passwords and anti-virus (AV) software to prevent the onslaught of SEO poisoning.