Sunnyvale, California, August 4, 2010
Zscaler today released a free product for consumers, downloadable via the Web, called Search Engine Security (SES). It is the first and only solution today specifically designed to combat “Blackhat SEO” attacks. Such attacks leverage Search Engine Optimization (SEO) techniques, a legitimate practice used to elevate business rankings in search results. Attackers, however, are abusing SEO; they are not limited to following acceptable SEO practices and typically have control over thousands of sites that can be quickly leveraged to boost the profile and search engine rankings of their malicious sites. The result is that when users conduct Internet searches they run a high risk of clicking on malicious, rather than legitimate, links.
“Blackhat SEO has become the most prevalent threat facing end-users on the web today, surpassing social networking threats,” said Michael Sutton, VP of Security Research at Zscaler. “Our research has shown that virtually any popular search term will contain malicious sites within the top 100 results at all major search engines including Google, Yahoo!, and Bing. In some cases, up to 50% of search results are malicious. When combined with social engineering attacks such as delivering fake antivirus applications or fake software updates, these attacks are incredibly effective.”
Sutton continued: “What is particularly concerning is the fact that fewer than 25% of anti-virus products can generally detect and block files associated with these attacks since they are so frequently changed."
How it Works
Malicious pages used in Blackhat SEO attacks deliver customized content based on the origin of the request. This is done in order to maintain stealth and extend the life of the attack. For example, malicious pages may first identify the web browser type and deliver a custom payload targeted at that specific platform. The attacks also check to see if the request originated from the search engine that was initially poisoned by the SEO attack. By masking the source of the request when a user follows search engine results for Google, Yahoo!, and Bing, the attack is broken and the malicious content is never delivered to the victim. With a typical anti-virus detection rate below 25% for such attacks, the protection provided by Zscaler’s SES solution can be a valuable asset in keeping PCs from falling victim to Blackhat SEO attacks.
Pricing & Availability
To obtain a copy, please open your Firefox browser and navigate to https://www.zscaler.com/researchtools.html. Simply hit the “Add to Firefox” button and it will be integrated into the browser. You may then begin searching safely and with confidence!
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
- Zscaler Security Research
- Zscaler Security as a Service
- Award-winning Web Security
- World’s First Next Generation Cloud Firewall
- Sandboxing and Behavioral Analysis
Director of Communications