Black Hat SEO

May 28, 2010

Hands down, the most common type of computer infection we see here at Cyber Tek Computer Pros is the fake security package. Once one gets on your system, it looks and acts like security software. It pretends to scan your system and tells you that your system is infected. Your system is infected, but not in the way it tells you. The fake security program IS the infection.

One of the ways these types of infections spread is by using Black Hat SEO. SEO stands for Search Engine Optimization. It’s a procedure most website administrators use to make their website come up first, or near the top of your search results when you search for certain things. By doing that, it makes it more likely that you will find and visit a webpage that employs SEO techniques.

However, just like The Force in Star Wars, there is a dark side to SEO. The dark side is referred to as Black Hat SEO. It’s basically cheating or using deceptive practices to make a website show up higher on your search results.

Here’s what these criminals do. First, they target a particular company. It’s always a big company with lots of web traffic. One such company that has been targeted in the past is Ford Motor Company. Once they have a target, they create a fake website that looks like Ford’s website. Then they use Black Hat SEO to make their website come up on search engine results above the real company’s website. This makes it likely that people will click on and visit their fake website instead of the real one.

Once the unsuspecting web surfer is on the fake website, there will be a prompt to install something. It may just prompt you to install something without saying what it is, but more likely, it will give you a reason. It may say you need to update to the latest version of Flash in order to view the website, or it may give some other reason. No matter what reason they give, if you agree and install, that’s when your computer is infected.

To help prevent your computer from being infected in this way, here’s what you can do.

First, you should be running one of our 4 recommended security packages: Vipre, AVG (not the free version), Malwarebytes (not the free version), or SuperAntiSpyware (not the free version).

We also recommend the installation of Web of Trust (WOT) and adblocking software like “Simple Adblock” or “Adblock Plus”. These utilities add extra protection when you are surfing the web. And all of these utilities are free.

We recommend only updating plugins like Flash, Adobe Reader, Java, Shockwave, and Silverlight directly from their makers, not from some website that tells you that you need to update them. So if a website says you need to update one of these, exit the website and go to the appropriate website to update. Once updated, return to the website. If it still says you need to update, something is wrong.

Here’s a list of where to go to update each of the plugins we mentioned:

For Flash, Adobe Reader, and Shockwave, go to adobe.com.
For Java, go to java.com.
For Silverlight, go to www.microsoft.com/silverlight.

If you are prompted by a website to install something, don’t just allow it. Stop and be very careful and make sure it’s OK. You may think you are on a trustworthy website, like Ford.com, but you may be on a fake website made up to look like the real one.

Here’s how you can identify if you are on a fake website. Look at the address of the website. It’s at the top of your web browser and usually starts with http or www. We will use Ford for some examples. If it says ford.com, that’s valid. But if it has something between ford and com, like ford.ru.com, that’s not the same. Something like support.ford.com is OK, because the extra word comes before ford.com. What matters is the last two words of the site name, which is the part of the address before the first single slash. If that part is ford.com or ends in .ford.com, it should be OK. Something else you might see is a bunch of numbers known as an IP address. So if you see something like 10.19.32.4 in the website’s address, it may be fake.
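
The address check described above, written out as a short Python function. This is an added example, not code from the original article; the function name `classify_address` and every sample address other than ford.com, support.ford.com, ford.ru.com and 10.19.32.4 are made up for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def classify_address(url, expected_domain):
    """Classify the host part of url against the site the reader meant to visit.

    Returns "match", "ip-address" or "mismatch".
    """
    # Addresses copied without a scheme ("support.ford.com/owners") need one to parse.
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed address, e.g. unbalanced brackets
        return "mismatch"
    host = host.rstrip(".").lower()

    # A bare IP address where a name is expected is the article's second warning sign.
    try:
        ipaddress.ip_address(host)
        return "ip-address"
    except ValueError:
        pass

    expected = expected_domain.rstrip(".").lower()
    # Compare whole labels: the host is the domain itself or ends in "." + domain.
    if host == expected or host.endswith("." + expected):
        return "match"
    return "mismatch"


# Constructed sample addresses for illustration.
SAMPLES = [
    "http://ford.com/",
    "support.ford.com/owners",
    "http://ford.ru.com/",
    "http://10.19.32.4/ford",
    "http://notford.com/",             # ends in the text "ford.com", different domain
    "http://ford.com.login.example/",  # expected name used only as a prefix
    "http://ford.com@198.51.100.7/",   # text before "@" is not the host
]


def classify_samples(expected_domain="ford.com"):
    return {url: classify_address(url, expected_domain) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:10}  {url}")
```

The last three samples show why the comparison is done on the host name with a leading dot rather than on the raw text of the address.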
