widespread hacking, defacement or blackhat SEO?

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.

widespread hacking, defacement or blackhat SEO?

Postby NotBuyingIt » Sun Oct 30, 2011 11:21 am

While reviewing a PhishTank incident report, I came across a webpage that curiously had a large number of pharmaceutical search terms linked to many different sites.

http://canuinvision.com/

Following some of those suspicious links, I found webpages that have additional lists of pharmaceutical search terms, but not URLs, (apparently) planted upon them, irrelevant to the pages' topics, and have their titles and some metadata (apparently) altered. Some additional webpages on some the same sites also appear to be decorated in the same inappropriate manner.

I may have seen a similar situation on a much smaller scale before. I don't understand any purpose beyond vandalism to this collection of sites with irrelevant pharmaceutical terms. Can anyone explain it?
NotBuyingIt
Spammer Killing Machine
 
Posts: 609
Joined: Sun Jun 13, 2010 5:22 pm

Re: widespread hacking, defacement or blackhat SEO?

Postby Red Dwarf » Sun Oct 30, 2011 2:00 pm

Without seeing specific examples it's hard to say. But I can hazard a guess.

It may be a repetition of a previous phenomenon but with a new twist.

You may recall a few years ago a phase which I labelled URIBL poisoning. It was a spammers' counter-measure to the sytems that detect and report URLs found in spam. That phase really screwed up the spammed URL extraction systems by imbedding fake URLs in spam. I remember that uribl.com was just one of many affected.

What you are describing sounds like SEO poisoning. The bad guys know that Google is being widely used to detect bulk numbers of their domains simply by using pharmacy terms in searches. I suggest that they are hoping to muddy the waters by adding innocent sites to the search results in order to make this detection method less effective.

Does that fit the description of what you are seeing?
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10453
Joined: Tue Jun 27, 2006 2:01 am

Re: widespread hacking, defacement or blackhat SEO?

Postby NotBuyingIt » Sun Oct 30, 2011 5:53 pm

Yes, thanks. I was seeing some very muddied waters. (The keyword cloud of drug terms at canuinvision.com has vanished, but the phishing scam is still running.)

The following secondary sites are still muddied with the keywords:
bluelinecity.com
carmelgreen.org
imrivers.org/raritanriver/process/
erinivey.com
bfdnyc.com
dvblog.org/?p=6602
fremontartscouncil.org
thoughtcast.org
benramsey.com
NotBuyingIt
Spammer Killing Machine
 
Posts: 609
Joined: Sun Jun 13, 2010 5:22 pm


Return to Botnets, Hijacks and Hacking

Who is online

Users browsing this forum: No registered users and 1 guest

cron