WebProNews Ad Rates Click Now!
Read WebProNews
With Friends!

SEO Blackhatters Target Ford Via Google

1 million scareware links dominate search results

Get the WebProNews Newsletter!
By · April 14, 2009 · 15 Comments

PandaLabs has identified over a million spam links used to target Google searchers looking for information about automotive parts from Ford and Nissan especially. Panda calls it “a major Blackhat SEO attack” designed to dupe searchers into downloading spyware or purchasing phony security software.

Searching for the keyphrase “Diagram Of A 1998 Nissan Pathfinder Blower Motor,” for example leads to a Google results page packed with spammy sites. A savvy user can identify them by their unusual URLs starting with an arbitrary number, followed by nonsensical combinations of letters and resolving to Polish domains.

Spammy Search Results

These types of URLs went on for ten pages before I stopped looking—ten pages of weird Polish results for an English query, all mentioning different Nissan Pathfinder parts diagrams. This is a serious error in Google relevance: wrong language, wrong country, wrong parts (bringing back a door handle diagram isn’t the intent of the searcher in this instance), wrong sites, all of them likely created very recently.

Clicking on any of the links is likely to lead to a webpage prompting the searcher to download a codec that is actually malware designed to present bogus security warnings. The malicious program then prompts the user to spend as much as $80 to download the security program to get rid of the viruses. This type of malware is called “scareware” or “rogueware” and has become so popular among the underground lately probably because it works.

Sean-Paul Correll, a security analyst for PandaLabs provides a partial list of the keywords and phrases targeted in this highly organized attack and provides a video to illustrate how it works. Though many of the examples target Nissan, Panda says over a million target Ford alone.

 

Targeted Blackhat SEO Attack against Ford Motor Co. from Panda Security on Vimeo.

“This case is especially interesting because it’s one of the few SEO attacks that we have seen targeting a single, specific brand,” said Correll.

How are cybercrooks accomplishing such search engine dominance? Well, there are a number of blackhat SEO tactics, and it would be hard to identify exactly which ones. But one obvious tactic is fooling Google’s trust algorithm by slipping in links to target sites on trusted sites. In a Web 2.0 era defined by reader commentary and user-generated content, this becomes especially easy to accomplish.

Spammy Comments

Running a quick link check of some of the results Google was returning show spammers have made use of a comments section on Beerinator.com, a North Carolina-based beer enthusiast community, and also of the comments section on Logrithmic.com, a music blog. Ever seen a bunch of nonsensical text or irrelevant “nice site” comments with a link?

Random Word Spam

These appear to be the main tactics. The spammers also take advantage of forums—one link showed up on this South African paramedics forum, the commentary section of which is a veritable spam bonanza. Beyond that, all these strange Polish sites seem to link to each other.

Correll said Google could (and presumably does) monitor these attacks in house, but the company also has the option of outsourcing security to other companies to combat them. “They could also try to modify their algorithm, but that is not really a viable option given the expense and the high likelihood of technical issues (i.e. negative impact on their core search IP and capabilities).”

Google did not return request for comment about what Google is doing about a spate of similar attacks or whether recent tweaks to their algorithm have allowed it.
 

RELATED ARTICLES:

Google Changes P.O. Box Rules for Businesses

Google Changes P.O. Box Rules for Businesses

Google Small Business just announced in its Product Forums that it's changed some if its policies regarding P. O. boxes. Basically, P. O. Boxes are no longer permitted in either address lines 1 or ...
Google Gets Over a Million Takedown Requests Each Month

Google Gets Over a Million Takedown Requests Each Month

Google's yearly transparency report is available, and right away, they make one thing perfectly clear: They get and respond to over 1 million takedown requests on a monthly basis. Not only do the...
Google+ Gets A Little Less Emphasis From Google Search

Google+ Gets A Little Less Emphasis From Google Search

Beyond algorithm updates, Google has made at least two major changes to its search engine this year: Search Plus Your World and the Knowledge Graph. The former was designed to offer users a search ex...
Top Rated White Papers and Resources
There are 15 Comments. Add Yours.

  1. Great example of successful black hat SEO attempts. If the spammers can use comments to rank their sites higher and higher in SERPS, why cant we use them to promote our very useful websites.

  2. Let me give you another example of a company targeted by SEO Black hatters.

    A similar scam was running through pop-up ads a few months ago on a well known freelance site, Helium.com; one of their major advertisers had been targeted with the scareware.
    But the community quickly rallied and the problem was summarily dealt with.

    For Ford and Nissan, the problem showing up as deep as ten pages on the SERPs shows a much deeper problem.

    Scareware, or rogueware, is an ad that pops up on a user

  3. Leaving your website info on a comment is not a “Black Hat” technique…comment boxes encourage it. I think as long as a comment is relevant to a discussion, it’s alright to leave a link.

    That said, spambots that leave thousands of random unrelated or gibberish comments are a problem that should be combated by building spam resistant websites that use tools like CAPTCHA codes and “Are you human?” type questions.

  4. I think it is acceptable to use comments to promote your own site – if that is actually relevant to the discussion, and it is not automated. The fact is that spammers don’t care at all about the discussion, they will just bombard a website with irrelevant links which are not even posted by a human just software. I don’t think that it is ever acceptable behaviour.

  5. Ultimately its poor forum/website security, not really something Google should account for, their sites should just lose PR… making it their problem.

  6. Guest
    Reply

    Nice site!

  7. Developer Chris
    Reply

    I reported this problem to google over 12 months ago. I believed they were actually hacked as the results were so different from the search query.

    My first thought was that I had a virus and went to great lengths to find the culprit. in the end I only proved the fault was with googles actual results

    Of course I emailed them with my findings and was dutifully ignored.

    Personally I haven’t had a recurrence of the problem. but that seems set to change if the article is accurate

    DC

  8. Alex
    Reply

    Hi Jason,

    Do you seriously consider it hard to rank for a seven (eight) word search phrase???
    “Diagram Of A 1998 Nissan Pathfinder Blower Motor” like it would be hard to rank for this? What a joke. How on earth did you even come to think to search for this diagram with such a long phrase?
    GOSH. Your mates at pandasecurity must have paid you for this!
    Even this page already rank nr 4 for the phrase “Diagram Of A 1998 Nissan Pathfinder Blower Motor” cause it is so damn easy to rank for it!
    And your mates at pandasecurity.com rank no 1 for it.. “what a co-incidence”.
    HAA, do you believe this post was so serious for Google that they would have decided to make a fix. Let me laugh out loud!
    Give me any indexed page on any url and I bet I find a 7..8 word long search phrase the site will rank for in the top 1. Most likely no 1 for 99% of all pages.
    You must be a total novice to SEO if you find anything surprising in the results. I just wonder who on earth even bothers to “SEO” five pages for a search phrase that is unlikely to get any searches at all, unless that someone’s friend made a post here on WebProNews about it.

    You need no blackhat seo for to achieve the results mentioned above, but what’s the point. You ain’t going to sell a single “Diagram Of A 1998 Nissan Pathfinder Blower Motor” to anybody, nobody will search for it.
    Next time make a post when a Blackhat SEO manages to rank no 1 for “Google” on Google.com, or just let us make it a bit easier try the simple phrase “Latest News”..

    • Guest
      Reply

      LoL You Mad!

  9. Guest
    Reply

    why is Nissan a “Ford”?????

  10. Isn’t whitehat SEO good enough? I really do not understand that.

  12. I have to agree with the comments made by other posters, I do not believe that leaving your site info in your comment is spammy or blackhat. As long as the comment is relevant to the discussion.

  13. It is universal rule that blackhat seo experts always will look for finding vulneration of google system. And google always try to make much more perfects search algorithm. It is ever lasting process.

  14. useful tips
    nice video…

What do you think? Respond.

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WebProNews Videos | Advertise | About Us | Newsletter | Archive | News Feeds | Terms & Conditions | Contact Us

WebProNews is an iEntry Network ® publication - © 1998-2012 All Rights Reserved.