info@PortalDerWirtschaft.de | 02635/9224-11
Suchmaschinenoptimierung
mit Content-Marketing - Ihre News
Imperva Inc. |

Latest insight from Imperva on search engine poisoning (SEP) attacks

Bewerten Sie hier diesen Artikel:
0 Bewertungen (Durchschnitt: 0)


"Today, Imperva released a report on search engine poisoning. Search Engine Poisoning attacks manipulate, or "poison", search engines to display search results that contain references to malware-delivering websites. There are a multitude of methods to...

Redwood Shores, CA, 09.06.2011 - "Today, Imperva released a report on search engine poisoning. Search Engine Poisoning attacks manipulate, or "poison", search engines to display search results that contain references to malware-delivering websites. There are a multitude of methods to perform SEP: taking control of popular websites; using the search engines' "sponsored" links to reference malicious sites; and injecting HTML code.

How has hacker interest in SEP grown? This is very difficult to gauge and formal statistics do not exist quantifying the problem. However, as the recent Bin Laden death reminds us, hackers leverage current events as they happen to dupe search engine users. One metric that helps understand the growth of this problem? Look at hacker forum discussions. For example, one major hacker forum saw a dramatic increase in discussions regarding search engine poisoning:

Year over year growth of SEP discussions in hacker forums: Percent growth

2007 - 2008 980.00%

2008 - 2009 212.96%

2009 - 2010 121.30%

Year over year growth of SEP discussions in hacker forums: Raw numbers

2007 5

2008 54

2009 169

2010 374

How does Imperva detect SEP? Our probes were able to detect and track a SEP attack campaign from start to end. The prevalence and longevity of this attack indicates not only how long it lasted undetected, but also that companies are not aware they are being used as a conduit of an attack. It also highlights that search engines should do more to improve their ability to accurately identify potentially harmful sites and warn users about them.

The attack method we monitored returned search results containing references to sites infected with Cross Site Scripting (XSS). The infected Web pages then redirect unsuspecting users to malicious sites where their computers become infected with malware. This technique is particularly effective as the criminal doesn?t take over, or break into, any of the servers involved to carry out the attack. Instead he finds vulnerable sites, injects his code, and leaves it up to the search engine to spread his malware.

SEP is an extremely popular method used by hackers to widely spread their malware. Attackers exploit XSS to take advantage of the role of third-party websites as mediators between search engines and the attacker?s malicious site.

The prevalence of this attack has ramifications for search engines, especially Google. Current solutions which warn the user of malicious sites lack accuracy and precision whereas many malicious sites continue to be returned un-flagged. However, these solutions can be enhanced by studying the footprints of a SEP via XSS. This allows a more accurate, and timely notification, as well as prudent indexing. We hope Google and Yahoo! step up.?

To receive a copy of this latest report, which includes the SEP observed by Imperva from beginning to end ? with screenshots, or have an interview with Amichai Shulman CTO of Imperva please contact claire@eskenzipr.com. 020 7183 2841 To find out more about Imperva visit www.imperva.com.


Für den Inhalt der Pressemitteilung ist der Einsteller, PresseBox.de, verantwortlich.

Pressemitteilungstext: 512 Wörter, 3187 Zeichen. Als Spam melden


Kommentare:

Es wurde noch kein Kommentar zu diesem Thema abgegeben.



Ihr Kommentar zum Thema





Weitere Pressemitteilungen von Imperva Inc. lesen:

Imperva Inc. | 20.12.2011

77 Prozent der häufigsten Passwörter sind in unter zehn Minuten zu knacken

Frankfurt, 20.12.2011 - Imperva, führender Anbieter von Datensicherheitssystemen für kritische Unternehmensinformationen, veröffentlicht heute den neuesten Trend-Report der Hacker Intelligence Initiative-Serie. Der aktuelle Bericht beschäftigt si...
Imperva Inc. | 08.12.2011

Imperva warnt vor Hacking-Trends 2012

Redwood Shores, CA, 08.12.2011 - Ein ereignisreiches Hacking-Jahr neigt sich dem Ende entgegen. Imperva, führender Anbieter von Datensicherheitssystemen für kritische Unternehmensinformationen, wagt bereits einen Blick nach vorn und stellt die wich...
Imperva Inc. | 16.11.2011

Imperva says staff training is essential when medical records are concerned

Redwood Shores, CA, 16.11.2011 - Commenting on reports that healthcare and IT experts warned the US Congress earlier this month about security concerns surrounding the increasing use of EHRs (electronic health records), Imperva says that media report...