Blackhat
SEO spam is used mainly to redirect users to pages serving malware, often disguised as an antivirus. However, other players are using the same Blackhat spam
SEO techniques (they use hijacked sites) more and more to increase traffic to their site.
Fake search enginesThese sites look like a search engine. But all links are actually paid advertising. To trick the advertising networks, the user is redirected to different IP addresses when he clicks on these links, so that the advertising networks see a small amount of traffic coming from multiple addresses instead of massive amounts of traffic coming from one location.
I've described how these fake search engines work in detail in the post about
Mother's day scam.
 |
p3p0.com fake search engine |
These fake search engines include
xaras.net,
p3p0.com,
yeasbear.com,
xsearcher.net,
smartbuzz.biz (currently blocked by Google Safe Browsing), etc.
Download sitesIn the past few months, I've seen more and more hijacked pages redirecting users to (illegal) download sites. These sites make money by selling subscriptions to users.
 |
Site claims to have deadliest catch.rar available for download... |
They redirect users to a page that claims the file they are looking for is available for download. The file name is obtained by appending .rar to the search term. In the screenshot above, a search for "
deadliest catch" on Google lead to sapm page redirecting to
http://express-downloads.com/download.php?file=deadliest%20catch.rar where the the file
deadliest catch.rar is available for download.
 |
but the user must sign up first ... |
But the user needs to be "to be logged in to download" the file. After entering his e-mail address and a password, he must also make a payment to access this file.
 |
and pay to access a file which does not exist! |
Of course, the file does not exist. You can change the file name to any string, the site always claims the corresponding file is available:
http://express-downloads.com/download.php?file=[string].rarMost of these sites have very similar domain names:
fast-downloads.biz,
turbo-speed-downloads.com,
express-downloads.com,
thedownloadfiles.com, etc.
ConclusionThere are more and more shady sites using Blackhat SEO in order to make money. And there is no shortage of vulnerable Wordpress installations to take advantage of. This type of spam will very likely exist for a long time.
Botnets are already available for rent, I think it won't take long before hijacked sites are up for rent to increase traffic to shady websites.
-- Julien