« The essentials of Web application threat modeling | Main | Web developers, fix thy Flash »

Blackhat SEO: XSS the trick that keeps on kicking

"Last week's massive IFRAME injection attack is slowly turning into a what looks like a large scale web application vulnerabilities audit of high profile sites. Following the timely news coverage, Symantec's rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008, and US-CERT issuing a warning about the incident, after another week of monitoring the campaign and the type of latest malware and sites targeted, the campaign is still up and running, poisoning what looks like over a million search queries with loadable IFRAMES, whose loading state entirely relies on the site's web application security practices - or the lack of.

What has changed since the last time? The number and importance of the sites has increased, Google is to what looks like filtering the search results despite that the malicious parties may have successfully injected the IFRAMEs already, thus trying to undermine the campaign, new malware and fake codecs are introduced under new domain names, and a couple of newly introduced domains within the IFRAMES themselves."

Using XSS for SEO purposes has been known for years in the blackhat community. I suspect abuses such as these against search engines will cause them to switch to a more user driven voting system (like digg) for term results.

Article Link: http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html
Example Index: http://www.google.com/search?q=


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!