Illicit web sites selling everything from drugs and adult content to counterfeit goods are boosting their SEO rankings by using illegally created referral links from legitimate websites, Amichai Shulman, co-founder and CTO of Imperva told SC MagazineUK.com.
Shulman explained that the company had identified more than 700 host IP addresses used by a botnet to launch SQL injection (SQLi), HTML link injection and comment spam attacks against vulnerable websites, creating hidden links back to the attackers' clients' websites. So instead of using SQL injection to steal data, the botnet used it to insert data, in a 'crime-as-a-service' operation offered to dodgy websites.
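To make the "insert data, not steal it" point concrete, here is an added example (not code from the article or from Imperva's report) of a comment form that is open to exactly this abuse, alongside a hardened version. The table layout, the `example.invalid` link target and the spam payload are all constructed for illustration. The vulnerable path builds the INSERT by string formatting, so a crafted comment breaks out of the quoted value and plants a hidden link on a different post; it then echoes stored HTML unescaped, so the planted `<a>` renders as a real backlink. The hardened path binds the value as a parameter and escapes it on output, so the same payload is stored as inert text on the intended post only.

```python
import html
import sqlite3

# Constructed attacker payload (sample input, not taken from the report).
# It closes the app's quoted value, adds a second row aimed at post 2 with a
# hidden backlink, and leaves the app's own closing quote to finish the row.
SQLI_PAYLOAD = (
    "x'), (2, '<a href=\"http://example.invalid/\" "
    "style=\"display:none\">cheap pills</a>"
)


def setup_db():
    """In-memory comment store for the demo (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, post_id INTEGER, body TEXT)"
    )
    return conn


def save_comment_vulnerable(conn, post_id, body):
    # String-built SQL: the comment body becomes part of the statement, so a
    # quote in it changes the statement's structure (SQL injection).
    conn.execute(
        f"INSERT INTO comments (post_id, body) VALUES ({post_id}, '{body}')"
    )
    conn.commit()


def save_comment_safe(conn, post_id, body):
    # Parameterised query: the body is bound as data and can never alter the
    # statement, whatever characters it contains.
    conn.execute(
        "INSERT INTO comments (post_id, body) VALUES (?, ?)", (post_id, body)
    )
    conn.commit()


def count_comments(conn, post_id):
    row = conn.execute(
        "SELECT COUNT(*) FROM comments WHERE post_id = ?", (post_id,)
    ).fetchone()
    return row[0]


def render_vulnerable(conn, post_id):
    # Emits stored bodies as raw HTML: any <a> tag a spammer got into the
    # table is served as a live link that search engines will follow.
    rows = conn.execute("SELECT body FROM comments WHERE post_id = ?", (post_id,))
    return "".join(f"<p>{body}</p>" for (body,) in rows)


def render_safe(conn, post_id):
    # html.escape turns <, >, & and quotes into entities, so user-supplied
    # markup is displayed as text rather than interpreted as a link.
    rows = conn.execute("SELECT body FROM comments WHERE post_id = ?", (post_id,))
    return "".join(f"<p>{html.escape(body)}</p>" for (body,) in rows)


if __name__ == "__main__":
    vuln = setup_db()
    save_comment_vulnerable(vuln, 1, SQLI_PAYLOAD)
    print("vulnerable: comments on post 2 =", count_comments(vuln, 2))
    print("vulnerable: post 2 renders as", render_vulnerable(vuln, 2))

    safe = setup_db()
    save_comment_safe(safe, 1, SQLI_PAYLOAD)
    print("safe: comments on post 2 =", count_comments(safe, 2))
    print("safe: post 1 renders as", render_safe(safe, 1))
```

Running it shows the vulnerable store ending up with a comment on post 2 that the application never asked for, rendered as a hidden anchor, while the hardened store keeps the whole payload as one harmless comment on post 1 and renders it with the angle brackets escaped. Parameterisation stops the SQL injection; output escaping stops the HTML link injection and comment spam rendering as backlinks. Both are needed, which is why a fix at one layer alone leaves the site usable as a link farm.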
“It's not a victimless crime,” Shulman told SC, adding, “Over the longer term the Google ranking of the victim site goes down as a result of this [manipulation of SEO ranking]." A lot of sites need to be hit, hence the use of a botnet to send out the attacks. The 'link farms' can be made up of content and links, and in some cases the links go via intermediary referral sites.
Shulman adds, “It's a serious threat but it's easy to mitigate – yet so many applications don't bother. They think hacking is something so complex that there's nothing they can do, but often it's not about winning a big battle, but taking simple actions. And smaller companies often think they can't afford to defend themselves, but for a small app the costs can start from about US$ 50 per month. They are only being attacked because they decided to do nothing.”
Another issue is that the affected sites have proven themselves vulnerable to attack, so the criminals could use this initial attack as a gateway to identify future victims and choose to come back and steal or change data at another time.
How Imperva discovered the attack is described in its Hacker Intelligence Initiative (HII) report entitled Black Hat SEO: A Detailed Analysis of Illegal SEO Tactics.