Spamdexing makes for risky searches

By Kirsten Doyle for Cisco
Johannesburg, 14 Aug 2009

As news about Conficker spread around the globe earlier this year, concerned computer users visited Google and other search engines to find patches to block the worm. Unfortunately, some of the first results to come up, which users assumed to be reliable as they were indexed upfront, were actually sites hosting fake security software, and often, malware.

This is according to Martin Walshaw, Cisco security expert, discussing the findings of the Cisco Midyear Security Report. “This practice, called spamdexing, is the practice of including information in a Web page that causes search engines to index it in some way that produces results that satisfy the spamdexer, but are detrimental to the search engine providers and users.”

Walshaw says when news events such as the swine flu epidemic or threats like the Kido worm drive computer users to search engines, cyber crooks employ this technique, also known as search engine poisoning, to push their fake Web sites to the top of search page results.

He says spamdexing is done by overloading a Web page with relevant search terms or keywords so search engines will interpret the sites as good matches for the computer user's query, consequently raising the ranking for the suspect pages.

However, Walshaw says spamdexing isn't used only by cyber criminals. Even though search engine companies disapprove of the tactic, and supposedly employ means to lessen this, a lot of genuine businesses also employ this tactic to boost their own search rankings.

“In fact, they can use free online tools like Google Trends to discover the most popular search terms at any given time, and create malware carrying fake Web sites accordingly.”

Walshaw says to prevent this user education in the form of security awareness training helps mitigate the threats posed by spamdexing, but organisations cannot rely on employees always making the right choice about which sites to trust.

“For more thorough protection, businesses need security solutions that combine traditional URL filtering, reputation filtering, malware filtering, and data security.”