Cybercriminals make US$11,000 a day through SEO errors

23 Mar 2009

Ever mistype something you are looking for in Google, such as ‘obbama’ instead of ‘obama’? If you have, you could be a victim of cybercrime, as it turns out that cybercriminals sending rogueware via search engines are making a fortune out of unsuspecting web surfers.

Secure web gatetway provider Finjan researched one of the rogueware affiliate networks where members make US$10,800 a day.

In the first issue of its Cybercrime Intelligence Report for 2009, Finjan reports that cybercriminals are disseminating rogueware using search engine optimisation (SEO) techniques.

Cybercriminals used SEO to optimise the distribution of their rogueware. Typos and misspelled keywords (such as ‘obbama’ and ‘liscense’), as well as trendy keywords taken from Google Trends system, were abused to show compromised websites as top search results.

Subsequently, the traffic volume to the compromised websites increased significantly, luring masses of potential buyers to the rogueware offering.

The Cybercrime Intelligence Report reveals cybercriminals are professionally organised and operate affiliate networks to boost their malware and rogueware distribution.

To promote their rogueware, they compromise legitimate websites by injecting SEO-targeted pages that include repetitive, popular search keywords with minor typos.

Search engines then index these injected pages and display them as top search results.

This SEO-targeted technique has proven to be very effective and has yielded almost half a million Google searches to compromised sites, according to statistics found on the criminal’s server during the research.

An estimated 1.8 million unique users were redirected to the rogue antivirus software during 16 consecutive days.

Members of the affiliate network were rewarded for each successful redirection with 9.6 cents “a piece”, which totals US$172,800 or US$10,800 per day.

“As reported by Finjan before, cybercriminals keep on looking for improved methods to distribute their malware and rogueware,” said Yuval Ben-Itzhak, chief technology officer of Finjan.

“Since they make money by trading stolen data or selling rogue software, they are looking for new and innovative techniques all time. To increase the distribution reach of their rogueware, they successfully turned to SEO,” Ben-Itzhak said.

By John Kennedy