Less-than-scrupulous SEOs have engaged in black hat practices for years, but to date we’ve seen nothing to match the massive scale of what hit Google and the other search engines in the last week of November. Security experts insist that this is just the beginning. Keep reading for the details of what happened.
It's been referred to as "Google poisoning" or "SEO poisoning," and it's no wonder. A potential victim, who might not have all of the patches their system really needs, performs an innocent search on Google - on the phrase "Christmas gifts" in hope of ideas, perhaps, or even "hospice" to get information for a critically ill friend or loved one. Clicking on a link leads to a site which prompts them to install the latest ActiveX control, or possibly to get a free scan for spyware. And that's where the trouble begins.
If the user clicks on the link for the download, the web site begins loading up their vulnerable machine with malware: Trojans, viruses, rootkits, intrusive adware, you name it. At least one of these sites hosted as many as 25 separate pieces of malware ready to be downloaded. And that was just one site; there were many malicious sites participating.
This kind of thing has happened many times before. What made it particularly disconcerting this time, however, was that the malware sites had managed to reach the first page of the search engine results pages (SERPs) for multiple keywords, most of them totally innocent. Online security firm Sunbelt Software, which has been tracking the problem, supplied a PDF in one of their blog posts with a list. The number of terms per page is staggering - and the list is 12 pages long.
Even I was attacked by this lovely nastiness recently. I could tell it what it was because I'd just finished writing this article, and recognized the names of the things that were trying to load themselves onto my system. Fortunately, my up-to-date anti-virus software blocked the malware. I triggered the attempted intrusion by searching for cucumber salad recipes in Google and clicking on a few of the top links!
Google managed to beat back the attack; Sunbelt reported the issue on a Monday, and most of the malicious sites were removed from Google's index by late Wednesday (November 28). But Google will almost certainly find itself fighting off another massive attack on its SERPs, and sooner rather than later. To understand why, we need to take a closer look at how this happened.
Search Engine News 
