Sunnyvale, California, August 4, 2010
Zscaler today released a free product for consumers, downloadable via the Web, called Search Engine Security (SES). It is the first and only solution today specifically designed to combat “Blackhat SEO” attacks. Such attacks leverage Search Engine Optimization (SEO) techniques, a legitimate practice used to elevate business rankings in search results. Attackers, however, are abusing SEO; they are not limited to following acceptable SEO practices and typically have control over thousands of sites that can be quickly leveraged to boost the profile and search engine rankings of their malicious sites. The result is that when users conduct Internet searches they run a high risk of clicking on malicious, rather than legitimate, links.
“Blackhat SEO has become the most prevalent threat facing end-users on the web today, surpassing social networking threats,” said Michael Sutton, VP of Security Research at Zscaler. “Our research has shown that virtually any popular search term will contain malicious sites within the top 100 results at all major search engines including Google, Yahoo!, and Bing. In some cases, up to 50% of search results are malicious. When combined with social engineering attacks such as delivering fake antivirus applications or fake software updates, these attacks are incredibly effective.”
Sutton continued: “What is particularly concerning is the fact that fewer than 25% of anti-virus products can generally detect and block files associated with these attacks since they are so frequently changed."
Malicious pages used in Blackhat SEO attacks deliver customized content based on the origin of the request. This is done in order to maintain stealth and extend the life of the attack. For example, malicious pages may first identify the web browser type and deliver a custom payload targeted at that specific platform. The attacks also check to see if the request originated from the search engine that was initially poisoned by the SEO attack. By masking the source of the request when a user follows search engine results for Google, Yahoo!, and Bing, the attack is broken and the malicious content is never delivered to the victim. With a typical anti-virus detection rate below 25% for such attacks, the protection provided by Zscaler’s SES solution can be a valuable asset in keeping PCs from falling victim to Blackhat SEO attacks.
To obtain a copy, please open your Firefox browser and navigate to http://www.zscaler.com/researchtools.html. Simply hit the “Add to Firefox” button and it will be integrated into the browser. You may then begin searching safely and with confidence!
Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.
Zscaler™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™ and ZPA™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.
Vice President, Global Communications