A gang of hackers known as the Linkoptimizer Gang (aka Gromozon) upset Windows Live Search results in Italy last week by manipulating SERPs to return spurious pages, Symantec’s security blog reports. The manipulated pages apparently don’t contain malicious software as yet.
Google was targeted in 2006 by the same gang, in a scheme that attempted to install a Trojan.
How bad is the recent Googlebomb (or Live Bomb, if you think it more apropos)? The Gromozon gang selected a list of popular Italian keywords — including “translation lyric song,” “health subscription” and “model calendar” — then registered domains using other Italian words. From Symantec:
“in this case, the list of possible URLs we have seen on the Web is huge! At this stage the gang has domain names with “hot” keywords that already ensure a good score by the search engine, but to have the maximum ranking they also need to use some other tricks. So, on each of these Web spaces they uploaded a Web page that includes links to legitimate sites that are related to a specific keyword (e.g. jacket). Each page also contains encrypted Javascript, which works as redirector (it takes users over to a different Web site). Interestingly, all of the pages display the colors of the Italian flag (green, white and red) as a background. The left column of this page has a long list of URLs that link to other weird pages. The goal is to create a sophisticated and intricate spider web of self-referenced Web pages that will get the highest rank from Internet search engines. That’s because search engine algorithms analyze how pages are linked using graph theories. The more a page is referenced by external links, the more popular this page becomes. The web spider structure (the structure of pages like the ones created by the Gromozon gang) is used to trick the search engines into displaying the specific results the attackers want. We observed that the problem affects Windows Live for Italy and Germany, and also some other Italian versions of other search engines (e.g. Lycos), but with a lower impact.”
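The self-referenced link structure the Symantec quote describes can be picked out of crawl data. The following is an added example, not code from Symantec or the original post: it groups hosts into strongly connected components and flags large clusters whose inbound links come almost entirely from inside the cluster. The host names, the sample edges and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample crawl of (source host, target host) links; every name is made up.
FARM = [f"farm-{i}.example" for i in range(5)]
EDGES = [(a, b) for a in FARM for b in FARM if a != b]   # self-referenced web of pages
EDGES += [(a, "shop.example") for a in FARM]             # links out to a legitimate site
EDGES += [("news.example", "shop.example"), ("shop.example", "news.example")]

def strongly_connected(edges):
    """Kosaraju's algorithm, iterative; returns a list of host sets."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for a, b in edges:
        fwd[a].add(b)
        rev[b].add(a)
    order, seen = [], set()
    for start in sorted(set(fwd) | set(rev)):     # pass 1: record DFS finish order
        stack = [(start, iter(sorted(fwd[start])))] if start not in seen else []
        seen.add(start)
        while stack:
            node, successors = stack[-1]
            nxt = next((n for n in successors if n not in seen), None)
            if nxt is None:
                order.append(node)
                stack.pop()
            else:
                seen.add(nxt)
                stack.append((nxt, iter(sorted(fwd[nxt]))))
    comps, assigned = [], set()
    for start in reversed(order):                 # pass 2: walk the reversed edges
        comp, todo = set(), [start]
        while todo:
            n = todo.pop()
            if n not in assigned:
                assigned.add(n)
                comp.add(n)
                todo.extend(rev[n] - assigned)
        if comp:
            comps.append(comp)
    return comps

def suspected_farms(edges, min_hosts=4, min_insularity=0.9):
    """Flag large mutually linked clusters whose inbound links are nearly all internal."""
    flagged = []
    for comp in strongly_connected(edges):
        sources = [a for a, b in edges if b in comp]      # every link into the cluster
        internal = sum(a in comp for a in sources)
        if len(comp) >= min_hosts and sources and internal / len(sources) >= min_insularity:
            flagged.append(sorted(comp))
    return flagged
```

On the sample data only the five farm hosts are flagged; the legitimate pair stays below the insularity threshold because most of its inbound links come from outside its own cluster.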