CGISecurity Logo

Blackhat SEO: XSS the trick that keeps on kicking

"Last week's massive IFRAME injection attack is slowly turning into a
what looks like a large scale web application vulnerabilities audit of
high profile sites. Following the timely news coverage, Symantec's
rating for the attack as medium risk, StopBadware commenting on XP
Antivirus 2008, and US-CERT issuing a warning about the incident, after
another week of monitoring the campaign and the type of latest malware
and sites targeted, the campaign is still up and running, poisoning
what looks like over a million search queries with loadable IFRAMES,
whose loading state entirely relies on the site's web application
security practices – or the lack of.

What has changed since the last time? The number and
importance of the sites has increased, Google is to what looks like
filtering the search results despite that the malicious parties may
have successfully injected the IFRAMEs already, thus trying to
undermine the campaign, new malware and fake codecs are introduced
under new domain names, and a couple of newly introduced domains within
the IFRAMES themselves."

Using XSS for SEO purposes has been
known for years in the blackhat community. I suspect abuses such as these
against search engines will cause them to switch to a more user driven voting system (like digg) for term results.

Article Link: http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html
Example Index: http://www.google.com/search?q=72.232.39.252&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a