Web sites don't necessarily have to be injected with malicious code (the kind of code that ends up delivering exploits to the user’s browser). In fact we see a LOT of Web sites that are injected with code used for black SEO purposes. This kind of code targets the visiting search engine instead of directly targeting the visiting user with exploits. This is a phenomenon also known as Spamdexing.
When search engines visit a Web site, they also look at the links that the Web site currently links to. Having a reputable Web site (for example CNN.com) link to your site (if you have one) will add to the reputation of your site from the search engine's perspective. The opposite is also true: if a reputable Web site links to a dodgy and not reputable Web site, that won't be good for the reputable Web site and will affect its reputation from the visiting search engine's perspective.
As part of spammers' and scammers' efforts to get good reputation to their cunning Web sites and their customers' sites, take for example Opole.pl: this official and pretty popular local Polish government Web site has had one of its sites injected with rogue links to pharmaceutical Web sites.
The links are hidden from the user's browser (see the screenshot below), and since they have been injected to the Web site, it would probably be as easy to change them or add additional rogue links, like Iframes or scripts that can potentially lead to malicious content.
You might wonder: how common are hijacks like these? They're pretty widespread. The next graph shows the number of compromised/hijacked pages used for black SEO purposes so far this week. Bear in mind that this graph represents only one analytic that we have in ACE for spamdexing hijacks. The numbers are huge and the trend is clear – the bad guys are monetizing from such black SEO activities.
Websense customers are protected from such attacks with our Advanced Classification Engine analytics, our suite of technologies within TRITON.
Snapshot of the Injection in Opole.pl:
The official Web site of Opole Poland – Opole.pl:
Related Posts
- BBC – 6 Music and 1xtra Web site Injected With Malicious iFrame
The BBC - 6 Music Web site has been injected with a malicious iframe, as have areas of the BBC 1Xtra radio station Web site. At the time of writing this blog, the sites are still linking to an i... - India’s Popular Financial Web Site Moneycontrol.com Compromised
Websense Security Labs™ ThreatSeeker™ Network has detected that the main Indian site of moneycontrol.com was compromised and injected with malicious code on November 6th 2010. It... - Ecuador Government Web Site Attack
A situation has arisen in a governmental site in Ecuador. Taking advantage of a vulnerability on the server where the Web site is hosted, the attackers succeeded in accessing the system remotely.
V... - MEDTECS Taiwan Web Site is inserted malicious links
MEDTECS Taiwan Web Site is inserted malicious links, the malware name is Trojan.Asprox.The home page of MEDTECS Taiwan Web Site as below:The above home page contains malicious link as below:The malici... - ‘Terrorizing’ Twitter & Facebook
You've probably heard by now that the US Department of Homeland Security is working on an overhaul of its terrorist alert system, which would involve, among other things, alerting people through Twitt... - Hundreds of College and Government websites still redirecting to fake stores
In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web... - Highly Targeted Attacks and the Weakest Links
Here at Trend Micro, we have seen all kinds of cybercrime and digital threats. For the first-ever Cybersecurity Awareness Day in Singapore, one of my colleagues, Richard Sheng, has taken time out to e... - UK Government counts the Cost of Cybercrime
The British government has released a report on the annual cost of cybercrime to the United Kingdom. The study mechanism seems greatly flawed, in that it relies almost exclusively on published report... - World Record for Disaster Scam Site?
Approximately two hours after an 8.9 earthquake hit northeast Japan we spotted the first potential donation scam site. We’ve seen this before of course, but for a scam site to appear in just two... - Fake Security Software Websites – Still popular in 2011
Fake security software is a form of computer malware that misleads users into installing and potentially paying for fake security software. The sites convince users to download the malicious software ...
Posted on 25 February 2011. Tags: Government, Injected, Links, Opole.pl, Pharmaceutical, Polish, Popular, Site
The above information is reprinted from and copyrighted © by Websense.
