The landscape of the Internet has changed in the past few years. Search Engine Optimization (SEO) has taken on a new face as webmasters and publishers alike attempt to come up with new and creative methods to have their sites rank on Google and other search engines. While there is no clear-cut methodology for getting good search engine rankings, other than creating good content, hackers and cybercrooks are conjuring up Black Hat SEO campaigns that inject websites with hidden text to boost their rankings.
In what appears to be a relatively new campaign, hackers and cybercrooks are targeting about 3,800 websites hosted on 328 unique IP addresses, leveraging SQL injection flaws on those that utilize MS-SQL servers. Through the SQL injection flaws, the hackers are able to penetrate databases, search for the targeted website's content, and insert extra content into random pages on the attacked website.
The content injected on the sites takes the form of text that is usually hidden from site visitors but that search engines like Google can "see", and which therefore gives the site priority in a relevant search query. Essentially, the code and text are hidden using CSS code and presented to the search engine crawlers, including Google, Bing, Yahoo and many others.
Through the intelligent use of targeted keywords and links, the attackers are able to improve the ranking of targeted websites by leveraging SQL injection flaws to insert the text and code. While such a method gains additional search engine placement, there is a much dirtier side to the scheme. Hackers and cybercrooks are also defacing sites that already have a decent ranking and polluting them with malicious and adult-themed content.
The websites targeted in the recent Black Hat SEO campaign to inject sites with hidden text are ones that run on MS-SQL database servers. By targeting such servers, the attackers are able to find ones running older versions of IIS, Microsoft's Web server technology, with vulnerabilities that make the site easy to compromise. Additionally, some compromised PHP-based websites are thrown into the mix because they also use MS-SQL database servers.
Hackers have taken advantage of various keywords on sites running on MS-SQL servers that prove to be vulnerable to the injection of text and other code. Such Black Hat SEO manipulation techniques are nothing new, as we have seen many cases in the past where these methods resulted in thousands of other sites being compromised only to improve search engine rankings and reveal malicious content. In other situations, we have seen hackers utilize clever Black Hat SEO methods to spread malware on compromised sites that naturally place well for certain internet search queries.
Akamai, a technology company that provides an extensive content delivery network (CDN), occasionally posts updates on discovered vulnerabilities or cybercrook activity over the internet on its stateoftheinternet.com site. As an update to this recent Black Hat SEO campaign, Akamai posted the attack detail bullet points on the site. The summarized details and attack threat advisories offered there may be utilized by webmasters and publishers to better safeguard their own sites and pages against potential injection of text within their CSS code.
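One way a webmaster could audit stored page content for the CSS-hidden text and links described above is sketched below; it is an added example, not code from Akamai or from the campaign. The hiding patterns, the host name `shop.example` and the sample HTML are assumptions constructed for illustration, since the article does not list the exact CSS the attackers used.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns commonly used to hide text (assumed; not listed in the article).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{4,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collects off-site links that sit inside an element hidden by inline CSS."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []     # per open element: hidden itself or via an ancestor?
        self.findings = []  # (line_number, href); assumes reasonably well-formed HTML

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        hidden = bool(self.stack and self.stack[-1]) or bool(HIDING.search(style))
        if tag == "a" and hidden:
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            if host and host != self.site_host:
                self.findings.append((self.getpos()[0], attrs["href"]))
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def find_hidden_links(html, site_host):
    """Return (line, href) for every off-site link inside CSS-hidden markup."""
    parser = HiddenLinkFinder(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of a stored page body, not taken from the campaign.
SAMPLE = """<p>Welcome to our <a href="http://shop.example/about">shop</a>.</p>
<div style="position:absolute; left:-9999px">cheap widgets
  <a href="http://spam.example.net/buy">best widgets</a></div>
<span style="DISPLAY: none"><b>deals</b> <a href="http://other.example.org/x">x</a></span>"""

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE, "shop.example"))
```

Running the same check over content columns pulled from the database, rather than only over rendered pages, catches injected rows on pages that are rarely visited.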