Sophos Uncovers Mass Link Spam In Google’s Search Results Via Cloaked PDFs

Hackers use PDF documents to inject links and keywords and -- through cloaking techniques -- scam searchers to go to other web sites.






Sophos, an IT security company, has uncovered a case of Google search spam involving “hundreds of thousands” of cloaked PDF documents with links that redirect human users to suspicious websites. It’s similar to the long-running type of hacking/spamming that involves placing HTML-based web pages on hacked websites, but in this case involves placing PDFs. The technique may not be necessarily new, but Sophos documented cases where the PDF content is ranking highly in Google’s search results.
The company informed Google about this technique, but decided to publish their findings after not hearing back from Google. We also reached out to Google early this morning and have not heard back.



Sophos said they think this technique works because “Google implicitly trusts PDFs more than HTML.” Honestly, we are not so sure how true that statement is. Nevertheless, the process the hackers/spammers used was to hack into web sites, plant these PDFs or modify the PDFs with links, while also cloaking the documents so the normal user would be redirected to a spam site.
What Sophos found inside those PDFs was “a large amount of similar documents on a number of legitimate, but unrelated and likely compromised, websites. In addition to the heavy use of specific keywords, the PDFs include links to documents planted on other websites, forming a so-called back link wheel.”
Then through cloaking, any human web user that tried to click on the PDF would be taken to another site, not the PDF.
Sophos shared an example of a search result with the spam:






poisoned-search-google
The URLs blocked out contained these cloaked PDF documents. But when the user clicked to see the PDF, they would go to a web site, such as this one:

binarytrade1
What Google saw was not the web site, but the PDF with the links. Here is a picture of what GoogleBot saw, since Google was being served the PDF while the user was being redirected to the web site above:

pdf-cached
Sophos also documented the redirect chain the web user went through, showing how the spammers added on affiliate links to monetize the sale:

redirection-chain1
Source:-  http://searchengineland.com/it-security-company-uncovers-google-link-spamming-technique-through-cloaking-pdf-documents-224941

 

Comments

Post a Comment

Do not add Adult Content In this Blog Please.

Popular posts from this blog

Top 50 High page Rank Social Bookmarking Site List

http://slashdot.org/ http://delicious.com/ http://www.reddit.com/ http://technorati.com/ http://www.linkagogo.com/ http://www.startaid.com/ http://www.buddymarks.com/ http://google.com/bookmarks/ http://squidoo.com/ http://samomas.com/ http://rack111.com http://www.rahula.info http://mobilespecsfeature.com http://dotpoch.com/ http://www.cropsites.com/ http://www.drare.info/ http://alors.co.uk/ http://socialchirp.com/ http://kazom.com/ http://sfcsf.org http://www.anybookmarks.com/ http://www.lonerboristeria.com/ http://waslinfo.org/ http://www.echo-psi.com/ http://springsgrouppublishing.org/ http://boomarking.com/ http://2iki.info/ http://www.linksreddit.com/ http://www.bestdirectory.tk/ http://www.vamosmarketing.net/ http://www.lampurlink.com/ http://www.wp7sdkdev.com/ http://planetbookma
Read more

Best SEO Tools 2015 - Which SEO Tool is best in 2015?

Image
Ever wondered what tools are used by some of the best in the industry? Author and SEO expert Stephan Spencer shares his top free and premium SEO tools. There are a huge number of search engine optimization (SEO) tools out there. Creating SEO tools has become a cottage industry, and there are many companies out there making their living by providing tools and data. It seems like a new tool gets launched almost weekly. So, how do you know which ones to use? There are both free and paid tools, and you can spend a fortune every month licensing the paid ones. You can also spend a huge amount of time looking at these solutions, delving into reports, slicing and dicing the data they provide, and being overwhelmed by the sheer volume of data available, rather than working on the tasks that will actually improve your SEO and drive more organic traffic and conversions. Which tools produce the best ROI for your time and money? Some of my favorite SEO tools are below. Free Tools For t
Read more

Penguin 4 Is Now Released With Spam-Fighting Penguin 2.0 Technology

Image
 After several weeks of anticipation, Penguin 4 has become hit in the market with its release. The 4th Penguin version includes new spam-fighting 2.0 technology of Google search engine. It is one of the biggest hits in release of different Penguin algorithm. According to the Google’s Webspam head - Matt Cutts, the new generation will work better to stop spam.  As said by Google, the new update - Penguin 4 is released with the most important goal to prevent spam back-links , refining how Google search engine punishes websites that try to boost SEO with link schemes as an alternative of merit-based web content. He also announced the new Penguin 2.0 update algorithm during this week in Google and in his earlier video; he said that it is being rolled out “within the next few hours.”  With this update, SEOs and Webmasters are expecting major changes to the search results. Cutts also predicted that around 2.3% of queries will be impacted by this Penguin update algorithm. He said that
Read more