Another day, another acronym to remember. This one is important, though, as the prevalence of SEP is on the increase.
Security firm Imperva released a report on search engine poisoning, which, in summary, is a manipulation of search engine result, often using black-hat SEO techniques, to display results that contain references to malware delivering sites – which might either spoof a user to download malicious files, or use so-called drive-by techniques to instigate a download on poorly configured systems.
The report suggests various techniques can be used in the SEP attack, including:
- Taking control of well-known, but poorly secured web properties
- Using sponsored links (ads) to reference malicious sites
- HTML Injection techniques
The report contains a handy info graphic that defines the anatomy of search engine poisoning, from start to finish.