How Websites Poison Your Computer
Search engine poisoning (SEP) attacks exploit search engines’ ranking algorithms to link and direct users to websites that host malware. The attacks can be hard to trace because hackers don’t require control of the servers involved in the scheme, instead relying on knowledge of vulnerable URLs. Combining HTML code injection with cross-site scripting (XSS) lets hackers insert a malicious script into browsers, tricking search engines into indexing dangerous links. When users follow these links, their computers are infected with malware. The abuse also has a negative impact on a site’s accessibility via search engines. Companies can prevent their sites from being abused by protecting web applications against XSS; protection from malicious references returned as search results is also a responsibility of search engines. Current solutions that warn the user of malicious sites may be enhanced by studying the footprints of SEP via XSS, allowing more accurate and timely notifications, as well as prudent indexing.

Noa Bar-Yosef is a Senior Security Strategist at Imperva.
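One footprint of SEP via XSS that a site owner can look for in their own access logs is a request, especially one from a search-engine crawler, whose query parameter decodes to HTML markup. The check below is an added example, not part of the original article; the log lines, hostnames, tag list and crawler patterns are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed combined-format access-log lines; all hosts and paths are made up.
SAMPLE_LOG = '''\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=blue+widgets HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "GET /search?q=cheap+pills%3Ca+href%3D%22http%3A%2F%2Fbad.example.invalid%2F%22%3Ebuy%3C%2Fa%3E HTTP/1.1" 200 5342 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
198.51.100.9 - - [01/Jan/2024:10:02:11 +0000] "GET /search?q=%3Cscript+src%3D%22http%3A%2F%2Fbad.example.invalid%2Fx.js%22%3E%3C%2Fscript%3E HTTP/1.1" 200 5300 "http://forum.example.invalid/t/1" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.20 - - [01/Jan/2024:10:03:40 +0000] "GET /about?ref=a%3Cb HTTP/1.1" 200 900 "-" "Mozilla/5.0 (compatible; bingbot/2.0)"
'''

# Captures the request target, status code and user agent of one log line.
LINE_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Tags that carry a link or script once a parameter value is URL-decoded (assumed list).
MARKUP_RE = re.compile(r'<\s*(a|script|iframe|img)\b', re.I)
# Assumed crawler substrings; user agents can be spoofed, so this is only a hint.
CRAWLER_RE = re.compile(r'googlebot|bingbot|slurp', re.I)


def find_sep_footprints(log_text):
    """Return one record per query parameter whose decoded value contains markup."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a request line in the expected format
        target, status, agent = m.group(1), int(m.group(2)), m.group(3)
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded markup becomes visible.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            tag = MARKUP_RE.search(value)
            if tag:
                hits.append({
                    "path": parts.path,
                    "param": name,
                    "tag": tag.group(1).lower(),
                    "crawler": bool(CRAWLER_RE.search(agent)),
                    "served": status == 200,
                })
    return hits


if __name__ == "__main__":
    for hit in find_sep_footprints(SAMPLE_LOG):
        print(hit)
```

A hit with both `crawler` and `served` set is the one to review first, since a page carrying the injected link may have been indexed. The log alone does not show whether the application reflected the value unencoded, so each flagged path and parameter still needs checking against the application's output encoding.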