Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Interesting idea to help prevent RogueAV from using SEO without being noticed:) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Interesting idea to help prevent RogueAV from using SEO without being noticed:)

With the way the RogueAv teams are using SEO to poison search results one of the isc.sans.org readers "Andy" submitted this idea in response to this article by Bojan.
http://isc.sans.edu/diary.html?storyid=9085

"If search engines were to ignore everything that is not "Visible" on a page they crawl, then a lot of this malware
would lose their stealth.
Drop all hidden, non formatted, and even white text on a white background.
It would improve search results."

Google may already be doing something like this as they are not getting hit as hard as some other search engines in the fakeav SEO poisoning attacks.
Thanks Andy.

donald

206 Posts
ISC Handler
Of course, this would be detrimental to web developers who still use this trick to display their sites correctly in search engine results. However, there are more sensible solutions to the problem these days.
hacks4pancakes

48 Posts
Unfortunately I don't think this idea will work very well as contents can be dynamically shown or hidden (e.g. using JavaScript), and quite often legitimately (mouse overs and other events to show/hide contents). It would also require the search engines to run the JavaScript in the page and also to apply the CSS styling. In fact it would have to render the entire page as if it were a browser and then determine what elements in the page are visible or could be rendered visible by user interaction.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!