Cybercriminals Using SEO Technique to Haul in Big Bucks, Says Report

By Matthew Harwood

Cybercriminals have copied the technique of search engine optimization (SEO), by which legitimate websites use key words to boost their rankings on Internet searches, to hatch a scheme that rakes in as much as $10,800 a day, according to a Web security company.

In a cybercrime intelligence report  (pdf) produced by Finjan Inc.’s Malicious Code Research Center, security researchers analyzed a cybercriminal network that tricks users into giving up their payment card numbers by inserting Web pages with SEO keywords into legitimate sites that redirect people to a Web page where “rogueware” is installed.

Rogueware is fake software that doesn’t do what it pretends to do, says Ophir Shalitin, director of marketing for Finjan. In this case, the rogueware purports to be legitimate antivirus software.

The SEO injected Web pages include popular misspelled keywords, such as "Obbama" and "Gogle," as well as words taken from Google Trends Labs.

"By adding these pages to the compromised Web site, cybercriminals are trying to have search engines index them," the report explained. "This way, they will show them as top results whenever a user makes a typo or searches for a trendy term on the Web."

This method has significantly increased traffic to these injected Web pages, Shalitin says.

Here's how it works: when users click on an infected search result, artificially bolstered by SEO, they are redirected to a Web page where a pop-up warns victims that their computer is infected with malware. The message then tries to trick users into downloading fake antivirus software for $50. If users buy the fake software, they have unknowingly just provided their payment card number to cyberthieves.

Finjan found that the rogue software’s installation rate is between 7 to 12 percent while almost 2 percent of the victims paid $50 for the bogus antivirus program.

The cyber-sleight-of-hand led 500,000 Google searches to compromised Web sites in a single day, while 1.8 million unique visitors were redirected to the antivirus software during a 16-day period, according to the report.

There are two parts to this “criminal affiliation network,” as the report dubs the cyberthieves. The first part of the network is the rogueware designers. Second, are its members, who promote the rogueware by using SEO techniques to drive unsuspecting victims to pages carrying the rogueware. Members of the cybercriminal affiliate network are richly rewarded for their work, receiving 9.6 cents for every successful redirection.

“If we calculate it per day,” the report notes, “it translate to a whopping $10,800 for one day of criminal activity.”

Do it for a year, and a cybercriminal could receive over $2 million worth of compensation for her efforts.


Web servers are one of the

Web servers are one of the most targeted public faces of an organization. Securing a web server is as important as securing the website or web application itself and the network around it.


miami web design

The security company states

The security company states that cyber criminals first create web pages with well-known keywords so that the pages get a high ranking among search engine results. They then drive surfers who search with those keywords to the website that carries the malicious links pointing to the bogus antivirus.

sameday courier

Cyber Criminals

Cyber criminals are genius. These wizard have enough capacity to turn the networks in their favor but in a negative order. They are the real threat to the recent web based world. I'm using Clickbooth affiliate program network for years. I never face any threat till date. Think it's my good luck not the wizards' incapability. Wish they would use their wisdom in positive purpose.

SEO injected Web pages plays

SEO injected Web pages plays crucial role to to Haul in Big Bucks..this is real..many of them uses the scripts to find the best paying keywords to get terrific traffic from search engines.
seo directory submission

It's maddening to know that

It's maddening to know that no matter what we do there will probably someone who is one step ahead of us for all the wrong reasons. This seo technique has been going on for sometime and apart from people making sure they are protected and well informed about these tactics, it seems we are powerless to stop the next scam popping up in seo or any other facet of the web. Like in the offline community there will always be dishonest people and there will always be those taken advantage of at the time. Just be sure that you do in depth searches about anything before you give out your details to make a purchase. And remember that they can set up positive reviews for themselves so dig deep into the answers and try various search terms.

Web servers are one of the

Web servers are one of the most targeted public faces of an organization. Securing a web server is as important as securing the website or web application itself and the network around it.


pci dss


Cybercriminals use the technique of search engine optimization...I think you have given me good information....I'm going to bookmark this post now...Thanks

search engine optimisation



Very Important information

Very Important information shared. Thanks to the SEO author


Nice article.SEO Is a very important part of advertising and marketing, and will bring you the results you so desire.

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.