Blackhat spam SEO was very prevalent in 2010 and it is not likely to disappear in 2011. I've compiled a few statistics on Blackhat spam SEO pages found in Google search results during December 2010:
I usually limit my Google scans to the first 10 pages of results, so there are likely many more spam pages in Google's full index.
Fake AV pages are still the most popular type of attack, accounting for 85% of all malicious sites. Next in line are fake software stores, with 6% of the sites. I'll give more details about this type of attack in a future blog post.
5% of the malicious sites were unreachable, and could not be classified.
|Types of malicious sites: mostly fake AV|
44% of the malicious sites use a .IN domain name. 25% use a .COM extension, and 16% use an IP address without a domain name. .CC domains represent only 4% of all malicious domains. .CO.CC used to be the most popular TLD for fake AV pages, but it is now .IN
|Malicious sites by domain extension|
I found 428 legitimate sites hosting 4,814 spam pages in Google search results. That's an average of 11 spam links per domain within the top ranks for popular searches.
The spam sites are found all over the world: 31 different TLDs were found amongst spam sites. The international .COM extension was found in 58% of the sites, .ORG in 8% and .NET in 6%. The .EDU TLD represents 10% of the total. HJacked college websites were mostly to lead to fake software stores.
|Spam sites by domain extension|
Most dangerous searches
356 Google searches contained at least one malicious spam link in December 2010.
The most dangerous searches relate to buying software online, and lead to a fake store. The most dangerous popular search (shown in Google Hot Trends) was for "sherwood blount" with 63 spam links amongst the first 100 search results!
|Top-10 most dangerous Google searches in December 2010|
I am still compiling the numbers and will do another post on the topic shortly. It looks like malicious Blackhat spam SEO will still be a major threat, if not the most significant threat to users in 2011.