Black Hat SEO targets UK education and government sites
by Steve Ragan - Jun 11 2009, 17:56

Black Hat SEO, Search Engine Optimization for criminals, is slowly creeping onto thousands of Web sites across the UK. The sites, which are education or government based, include listings and links, or in some cases complete redirects, to sites selling bogus products related to Viagra, Cialis, porn and more.
Discovered by UK-based Backup Technology, the sites include a mix of primary schools, universities, and other local government destinations online. There is no clear pattern or method; the only apparent common factor is that the targets carry outdated forum software and site code, such as comment sections and forms, most of which are exploited by XSS attacks.
According to Backup Technology, the goal of the operation is to hijack the reputation of the legitimate site(s) and to “take advantage of the trust that search engines such as Google place on government websites and by placing a page on these trusted domains can quickly gain top search engine rankings without the effort of creating their own website.”
A few of the hijacked UK sites are using XSS-based redirects in the comment sections, which means that a user who visits the site is taken to a completely unrelated page.
In one page for the DSA, users were taken to “easypharmacy biz/buy_viagra.html” by way of a simple redirect injected into the page. This flaw has since been fixed, but similar attacks are the norm, not the exception. Comment spam is used this way as well, with online bots placing links to malicious or false content all over a site.
The obvious fix for this is to ensure that any given Web site is running the latest version of the various types of third-party code used online. For example, forum software should be constantly updated, and blog software, such as WordPress, constantly maintained. When developing the site, never trust user input; trusting it is how some of the sites were exploited.
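
As an added illustration of the "never trust user input" advice (not code from the article or from Backup Technology), the Python sketch below audits stored comments for redirect markup and off-site links, and output-encodes each comment when it is displayed. The host names, detection patterns and sample comments are constructed assumptions.

```python
import html
import re

# Markup that moves a visitor off the page when a stored comment is echoed
# back unescaped. Illustrative patterns, not an exhaustive XSS filter.
REDIRECT_PATTERNS = {
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.I),
    "script-tag": re.compile(r"<script\b", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "event-handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "location-assignment": re.compile(
        r"\b(?:window|document|top|self)\.location\b"
        r"|\blocation\.(?:href|replace|assign)\b", re.I),
}
# Host part of absolute or protocol-relative URLs anywhere in the comment.
URL_HOST = re.compile(r"(?:https?:)?//([a-z0-9][a-z0-9.-]*)", re.I)


def audit_comment(body, site_host):
    """Return (redirect findings, off-site hosts) for one stored comment."""
    findings = sorted(n for n, rx in REDIRECT_PATTERNS.items() if rx.search(body))
    hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(body)}
    offsite = sorted(h for h in hosts
                     if h != site_host and not h.endswith("." + site_host))
    return findings, offsite


def render_comment(body):
    """Output-encode the comment so stored markup is shown as text."""
    return '<p class="comment">' + html.escape(body, quote=True) + "</p>"


# Constructed sample comments; council.example and spam.example are placeholders.
SAMPLES = [
    "Thanks, the opening hours were helpful.",
    '<meta http-equiv="refresh" content="0;url=http://spam.example/buy.html">',
    '<script>window.location="http://spam.example/"</script>',
    'Great post <a href="http://spam.example/pills">cheap pills</a>',
    'See <a href="http://www.council.example/contact">the contact page</a>',
]

if __name__ == "__main__":
    for comment in SAMPLES:
        findings, offsite = audit_comment(comment, "council.example")
        print(findings, offsite, render_comment(comment))
```

The audit is a review aid for comments already in the database; the encoding in `render_comment` is what stops an injected redirect from executing.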



