Setting the Trap The hacker sets up a server to deliver malware upon request.
Search engine poisoning attacks use ranking algorithms to link and direct users to websites that host malware. The attacks can be hard to trace because hackers don’t require control of the servers involved in the scheme, instead relying on knowledge of vulnerable URLs. Combining HTML code injection with cross site scripting (XSS) lets hackers insert a malicious script into browsers, tricking search engines into indexing dangerous links. When users follow these links, their computers are infected with malware. This has a negative impact on a site’s accessibility via search engines. Companies can prevent sites from being abused by protecting web applications against XSS.; protection from malicious references returned as search results is also a responsibility of search engines. Current solutions that warn the user of malicious sites may be enhanced by studying the footprints of a SEP via XSS, allowing more accurate and timely notifications, as well as prudent indexing. Noa Bar-Yosef is a Senior Security Strategist at Imperva.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.