P
plat1098
Thread author
One of every 200 Google search autocomplete suggestions are poisoned and are used to drive traffic to misleading sites, to malware, or other malicious content, a team of academics from three US universities has discovered.
This is one of the most recent types of blackhat search engine optimization (BHSEO) techniques observed in the wild.
The research team says it identified several companies that offer such services, which usually involve two stages —poisoning the autocomplete suggestions and then poisoning the search results listings where users land when selecting the poisoned search suggestion.
Tens of services available online
"We found that manipulating suggestion has already become a booming business, with tens of services available online," researchers said.
Some services use special tools that automate search queries in headless browsers spread across different IP addresses, while some services use human operators. Prices range from $1 to $20 per day, per the table below.
Sacabuche technique identifies poisoned search suggestions
Researchers used a technique named Sacabuche (Search AutoComplete Abuse Checking) to identify poisoned search autocomplete suggestions from a dataset of 117 million suggested terms
"We are surprised to find that this new threat is indeed pervasive, having a large impact on today’s Internet," the research team said.
"More specifically, over 383K manipulated suggestions (across 257K triggers) were found from mainstream search engines, including Google, Bing and Yahoo!," they said. "Particularly, we found that at least 0.48% of the Google autocomplete results are polluted."
The team also identified over 3,000 sites in the search results listings that appear when users click the autocomplete suggestions, meaning the second part of this blackhat SEO strategy is as successful as the first. .....
------------------------------------------------------------------------------------------------------------------------------------------------
The concept isn't new but the frequency of occurrence seems to be rising.
This is one of the most recent types of blackhat search engine optimization (BHSEO) techniques observed in the wild.
The research team says it identified several companies that offer such services, which usually involve two stages —poisoning the autocomplete suggestions and then poisoning the search results listings where users land when selecting the poisoned search suggestion.
Tens of services available online
"We found that manipulating suggestion has already become a booming business, with tens of services available online," researchers said.
Some services use special tools that automate search queries in headless browsers spread across different IP addresses, while some services use human operators. Prices range from $1 to $20 per day, per the table below.
Sacabuche technique identifies poisoned search suggestions
Researchers used a technique named Sacabuche (Search AutoComplete Abuse Checking) to identify poisoned search autocomplete suggestions from a dataset of 117 million suggested terms
"We are surprised to find that this new threat is indeed pervasive, having a large impact on today’s Internet," the research team said.
"More specifically, over 383K manipulated suggestions (across 257K triggers) were found from mainstream search engines, including Google, Bing and Yahoo!," they said. "Particularly, we found that at least 0.48% of the Google autocomplete results are polluted."
The team also identified over 3,000 sites in the search results listings that appear when users click the autocomplete suggestions, meaning the second part of this blackhat SEO strategy is as successful as the first. .....
------------------------------------------------------------------------------------------------------------------------------------------------
The concept isn't new but the frequency of occurrence seems to be rising.