Zscaler Offers Free Consumer Protection Against Blackhat SEO Threats
Sunnyvale, California, August 4, 2010
Zscaler today released a free product for consumers, downloadable via the Web, called Search Engine Security (SES). It is the first and only solution today specifically designed to combat “Blackhat SEO” attacks. Such attacks leverage Search Engine Optimization (SEO) techniques, a legitimate practice used to elevate business rankings in search results. Attackers, however, are abusing SEO; they are not limited to following acceptable SEO practices and typically have control over thousands of sites that can be quickly leveraged to boost the profile and search engine rankings of their malicious sites. The result is that when users conduct Internet searches they run a high risk of clicking on malicious, rather than legitimate, links.
“Blackhat SEO has become the most prevalent threat facing end-users on the web today, surpassing social networking threats,” said Michael Sutton, VP of Security Research at Zscaler. “Our research has shown that virtually any popular search term will contain malicious sites within the top 100 results at all major search engines including Google, Yahoo!, and Bing. In some cases, up to 50% of search results are malicious. When combined with social engineering attacks such as delivering fake antivirus applications or fake software updates, these attacks are incredibly effective.”
Sutton continued: “What is particularly concerning is the fact that fewer than 25% of anti-virus products can generally detect and block files associated with these attacks since they are so frequently changed."
How it Works
Malicious pages used in Blackhat SEO attacks deliver customized content based on the origin of the request. This is done in order to maintain stealth and extend the life of the attack. For example, malicious pages may first identify the web browser type and deliver a custom payload targeted at that specific platform. The attacks also check to see if the request originated from the search engine that was initially poisoned by the SEO attack. By masking the source of the request when a user follows search engine results for Google, Yahoo!, and Bing, the attack is broken and the malicious content is never delivered to the victim. With a typical anti-virus detection rate below 25% for such attacks, the protection provided by Zscaler’s SES solution can be a valuable asset in keeping PCs from falling victim to Blackhat SEO attacks.
Pricing & Availability
To obtain a copy, please open your Firefox browser and navigate to http://www.zscaler.com/researchtools.html. Simply hit the “Add to Firefox” button and it will be integrated into the browser. You may then begin searching safely and with confidence!