NEWS FROM THE LAB - Thursday, April 28, 2011

Be Careful If Searching For Images of Kate Middleton's Dress Posted by Sean @ 14:41 GMT

Real-world events occasionally generate a massive number of online searches. Japan's recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the world's attention to Google. And as topics trend in Google's search results, Search Engine Optimization (SEO) attacks are attempted. Our March 11th post urged caution while searching for information.

The post also noted that Google has been doing a pretty good job of keeping SEO attacks at bay and filtered out of their search results. Web results that is…

Since October of last year, we've seen a steady growth in image based SEO attacks. Because Google is winning the (cat and mouse) battle against malicious site SEO, some attackers have shifted to image searches. Image based SEO attacks are more of a technical challenge. Instead of following trends and then connecting to a hosted attack site, the attacker must instead connect a trending topic to a particular image, and then link that image to a compromised site, which then links to the attacker's site.

It's a fascinating evolution that our Threat Insights team has been investigating.

But we'll provide more details about that in a future post.

Today, we want to mention what's likely to be a heavily searched for image tomorrow, Kate Middleton's wedding dress.

People aren't simply going to want to read about the wedding of Prince William and Kate Middleton, they're going to want to see it. And so tomorrow, we expect Google's image search to be more popular than ever.

We're already seeing some "royal wedding coverage" SEO attacks.

Here's an example which includes some well known footballers in the results:

SEO image attacks

The image is called "0611-soccer-studs1-credit.jpg" is linked to "lingerie-now.com".

Google's preview is loaded in the front, while the host site is loaded in the background.

SEO image attacks

What happens next is that the background site is linked to the attack site, which takes over the page and displays a warning message, an attempted scareware attack.

SEO image attacks

You can see the linkages here:

SEO image attacks

The site then renders an animated "Online Scan":

SEO image attacks

All of the results are nonsense of course, this example is from a clean test machine:

SEO image attacks

Unfortunately, SEO driven scareware attacks are very successful, relatively speaking. Consumers have been scammed out of millions of dollars by this type of attack.

So be wary of this potential threat if you're among those searching for wedding pictures.

SEO image attacks

Goggle's Web search result for "royal wedding" places the couple's official site at the top of the page.

And here's another timely example of an image based SEO attack targeting those that searched for US President Barak Obama's birth certificate, which was released by the White House yesterday, from GFI Labs' Christopher Boyd.