Microsoft security center search results poisoned with malicious links

Microsoft suspended the search capability on its Safety & Security Center Web site after it was discovered cyber criminals poisoned the results with malicious links. Search result poisoning, technically known as black hat search engine optimization (BHSEO), is a common method used to distribute malware or promote spam sites.

The technique involves compromising legitimate Web sites and creating pages under their domain that are filled with popular search keywords. Attackers then use other hacked Web sites to link back to the pages, increasing their search result standing for the targeted terms. However, while the pages appear to have content to search engine crawlers, they are designed to redirect real visitors to malicious Web sites. According to the general manager of security software at GFI, the BHSEO campaign on Microsoft’s Safety & Security Center Web site was unique. It appeared cyber criminals managed to create search results to search results. “In other words, blackhat SEOs are seeding illegimate search results within the Microsoft search results,” the security expert noted. “There are a number of ways this could be done (for example, using the ability on the site to Twitter a search result),” he explained. The rogue search results on Microsoft’s Security Center predominantly led to malicious adult sites which asked users to download special codecs in order to play videos.
Source: Poisoned-with-Malicious-Links-210836.shtml