Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: It’s not the Olympics but the everyday stuff

Simon Molenberg | Sept. 6, 2012
New research confirms that big events do not make for successful search engine poisoning attacks. Bad guys have much better luck with everyday items.

More than 900 medals were given out during Olympics 2012 and it's good to know that the team from the search engine poisoning (SEP) gangs did not manage to score even a bronze medal.

The commonly held idea is that the Bad Guys focus their SEP attacks on "Big Events" -- events that make the news in a big way, that everyone is talking about, and searching the Web to find out more about. The Olympics is a good example that shows that this idea is false.

To prove this point, Blue Coat launched a research during the recent Olympics. While there was a lot of searching for Olympics-related content during July and August, the vast majority of those searches ended with clicks to legitimate news and blog sites.

In the 26 days leading up to the Olympics and the first 13 days of the Olympics, there were 28,277 successful SEP attacks (where a user searched for something, got a poisoned result high enough in the search results that they noticed it, believed it to be legitimate, and actually clicked on it) and only 52 of those, or 0.18 percent, involved search terms that were related to the Olympics.

  • In the 26 days leading up to the Olympics, a little over one-tenth of one percent (0.14 percent) of all the SEP attacks involved search terms connected to the Olympics.
  • During the first 13 days of the Olympics, a little over two-tenths of a percent (0.23 percent) of the SEP attacks involved Olympics-related search terms.

While there were reports of Olympics-related malware and scams, e-mail spam and social networking (Facebook and Twitter) were the attack vectors - not search engine poisoning.

This new research confirms that big events do not make for successful SEP attacks. It is far too difficult to get poisoned search engine results high enough in the search page rankings and this matter to a successful SEP attack. According to a 2011 study by Chitika of eight million clicks, ninety-four percent of users click on a first page result. If the bad guys can't get their poisoned search result on the first page, their attack will not be successful.

Legitimate news organisations around the world were covering the Olympics, highlighting the stories that were important to their countries. These legitimate sites are known and trusted by search engines and will be ranked higher as a result, making it difficult for unknown or hacked sites to permeate the rankings on the first page of the Google search. 

On the other hand, the Bad Guys have much better luck with everyday items. Recently, for example, we saw an attack targeting a search for "sample resume letters."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.