Blackhat SEO poisoning: Halloween tricks and holiday malware interview

GFI is a computer security software company; I often read the GFI Labs blog for news about the latest online threats. The scams may change, but the tried-and-true threat tactics used by cybercriminals remain about the same, utilizing things like blackhat SEO poisoning to successfully infect devices.

Although the poisonous pranks and tainted tricks go far beyond Halloween, this seemed a great time to get insight into these trends as well as tips to avoid them. You might know about it, but how about your parents or other people who are not nearly so security-savvy? You might want to warn them that their simple searches could infect their computers . . . especially if you will be the one called upon to fix them for free. ;-)

Email interview with Jovi Umawing, communications and research analyst for GFI Software:

At what point does the blackhat SEO really kick in before a holiday, and how long after an event or holiday do the results stay tainted?

GFI's Jovi Umawing: While there are a number of factors that dictate how early before an event blackhat SEO kicks in and how long after search results stay tainted, the reality is that cybercriminals will begin their attacks when it's most opportune for them and leave them up for as long as they are effective. Cybercriminals follow user habits and look out for trends in searches. So if attackers notice an uptick in people searching for costumes and other holiday-related things two months before Halloween, then they’ll pounce and get poisoned links in search results as soon as they can. The bottom line is that consumers need to remain vigilant and follow basic IT security best practices at all times.

As soon as Halloween tricks and tainted link treats pass, do cybercrooks start working to poison the next set of holiday searches such as Thanksgiving, Black Friday and Cyber Monday results?

GFI's Jovi Umawing: Absolutely. Cybercriminals always latch on to upcoming events to trick unsuspecting victims into falling for their scams. Once Halloween passes, consumers will start searching for new Thanksgiving recipes and the best Black Friday and Cyber Monday deals – giving attackers ample ammo to work with. In fact, based on curated data from GFI Labs, Black Friday and Cyber Monday are among the most targeted holidays for malicious scams. The volume of product searches and online transactions that take place during these few days creates an opportunity for cybercriminals to target online shoppers with SEO poisoning, malicious links on social media sites, phishing scams and other attack methods.

Do special events, celebrity deaths, holidays or hot new games/cheat codes end up infecting the most users?

GFI's Jovi Umawing: Because special events, holidays, popular new stories and trending topics, such as the launch of new products or games, attract so much consumer interest, cybercriminals always target them to infect unsuspecting users. Thankfully, we haven't seen many targeted attacks focused on celebrity deaths – real or not – this year. However, special events held this year, such as the 2012 Olympic Games in London, have proved very fruitful for criminals to propagate malware. Cybercriminals exploited the public’s insatiable interest in all aspects of the 2012 Games through a variety of attack methods, including SEO poisoning, phishing scams, fake apps and survey scams. And we can expect a similar scenario as Black Friday, Cyber Monday and the kickoff of the holiday shopping season approaches. The combination of the holiday season and a high online transaction period is too good for cybercriminals to pass up.

This past year, we’ve also seen a steady increase in malware preying on mobile users, specifically those with Android devices. Criminals have relied on popular games like Angry Birds to fuel their attacks. They also often disguise their malware in the form of software updates, for Adobe Flash Player for example, to trick users into installing malicious files onto their mobile devices.

Is Facebook, Twitter, other social media, or search results the most popular source for spreading malware?

GFI's Jovi Umawing: Social media is definitely a popular target for cybercriminals because users often let their guard down when using these sites. And attackers exploit popular features specific to each social networking tool to trick users into thinking their scams are legitimate. For example, Facebook users often click on links in friends’ posts without thinking twice. Knowing this, cybercriminals propagate fake pages by including them in wall posts that tie into current affairs, such as breaking celebrity news. Exploiting comments and the “Like” button is another common tactic used by attackers. Cybercriminals take advantage of YouTube’s video platform to lure users into downloading malicious files under the guise of things like video game cracks, music videos and sneak-peek movie trailers. In terms of SEO poisoning, Twitter is especially dangerous because attackers rely heavily on users leaving the safety of Twitter by clicking on rogue links in Tweets that bring them to malicious sites hosted elsewhere. The true destinations of these links are often hidden behind shortened URLs.

While some social media sites are quick to respond to attacks by taking down spam accounts and posts touting suspicious links, users still need to be extra cautious when using these tools, as they are still a favorite target of cybercriminals.

Are you seeing any new trends in phishing, blackhat SEO or otherwise spreading malware?

GFI's Jovi Umawing: The biggest trend we are seeing is the uptick in mobile malware infections and other cybercrime being perpetrated on mobile devices running Android and other popular operating systems. The interesting thing is that the tactics that cybercriminals use to go after mobile users are often simply recycled from the successful PC campaigns that we have come to see as commonplace for many years. Phishing that would have taken place over email last year may come in the form of a text message this year, but the outcome for victims remains the same. Their personal information will be at risk. Furthermore, many mobile users tend to be even more prone to malware infections because they often don’t realize that it is necessary to secure your device with mobile antivirus solutions. Users often understand the importance of securing a PC, but we are still in the early stages of educating the public about the dangers of mobile cybercrime.

Although Google will often warn of potential malicious sites in search results, what are the best tips to avoid tainted search links?

GFI's Jovi Umawing: Three best practices that we always share with consumers to stay safe online and avoid falling for poisoned links include:

  • Never click on a link or accept a download from an unfamiliar source. Always verify URL addresses – especially shortened URLs – before clicking them to ensure they will direct you to a trusted, reputable website. Although it may seem obvious, this is perhaps the most important thing users can do to prevent clicking on a poisoned link.
  • Install browser applications or add-ons that help users identify and block tainted sites listed by search engines. There are a number of add-ons that obfuscate referrer tags – essentially hiding the fact that a user arrived on a poisoned site from the criminals behind it. While this may not sound like a big deal for users, referrer information is very important to cybercriminals because they use it to determine which popular keyword searches to target in SEO results.
  • Do not provide personally identifiable information if redirected to a site through a Web search. Instead, navigate directly to the official site by typing the Web address into your browser. Many fraudulent sites are carefully engineered to spoof trusted ones, in order to entice the user into providing financial information.

The best prank or one that just won't die every Halloween?

GFI's Jovi Umawing: Like Halloween costumes, we see a lot of the same SEO poisoning tricks every year. Cybercriminals will deploy their standard tricks this year, just like they have done in years past, so consumers should remain vigilant when searching for keywords such as “Halloween costumes,” “pumpkins,” “ghost stories,” “Halloween games,” as well as when browsing for Halloween-themed electronic cards. Additionally, before making online purchases for Halloween-themed events like haunted corn mazes, haunted houses and bar-hosted costume parties, consumers should make sure that they are on a trusted website that provides encryption for credit card transactions. Look for the closed padlock icon on the browser’s address bar or at the bottom of the screen. Also, check the browser’s address bar to confirm that the URL begins with “https,” signifying a secure site that provides encrypted communication.

Thank you to Jovi and GFI Labs. Like an echo from the past, I advise you to be careful out there, so you get the treats and not tricked. Watch out for muhahaha maliciousness and happy Halloween! 
