Replica Handbags and Black Hat SEO

As I do in a normal day, I was patrolling the mean streets of the web looking for websites selling fakes.  On this particular day, one site came to my attention.  How does a church website with no e-commerce component show up as a top search engine result for replica handbags?  When I examined the website’s source code, I observed that there was a JavaScript injection placing links into their website unbeknownst to them.

Below is an example of what I observed:

     
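     // The markup passed to writeln() did not survive on this page; the next
     // statement shows it created an element with id 'block' + elementId.
     elementId = Math.floor(Math.random() * 10001);
     document.writeln('');
     document.getElementById('block' + elementId).style.display = 'none';
     <a href="http://xxxxxx.com/db-gestion/pmd/styles/default/images/icons/brandname/brand-name-products.php">brand name products</a>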

Search engines rank websites based on inbound links from legitimate websites.  A JavaScript injection like this creates invisible links to the bad guys’ website that the search engines can see but the viewer cannot.  This is done by finding an open doorway into a legitimate website that does not have the latest security updates.  This is an example of a black hat technique that helps increase search engine results for their illegal site.  The lesson to be learned (besides keeping your software updated) is that there are many hidden efforts behind marketing contraband products and, in turn, many clues left behind if you know where to find them.
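For site owners who want to check their own pages for this pattern, here is an added example (not code from the original post): a heuristic Node.js scan that flags off-site links sitting in a container hidden by script or by an inline style. The function names, the sample markup and the hostnames are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan of page source for off-site links hidden from visitors.
// The sample markup and every hostname in it are constructed placeholders.
function offsiteLinks(fragment, siteHost) {
  const out = [];
  const re = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(fragment)) !== null) {
    let host;
    try { host = new URL(m[1], `http://${siteHost}/`).hostname; } catch { continue; }
    if (host !== siteHost && !host.endsWith('.' + siteHost)) out.push({ href: m[1], text: m[2].trim() });
  }
  return out;
}

function findHiddenOffsiteLinks(html, siteHost) {
  const findings = [];
  let m;
  // Case 1: a script writes markup and then sets display='none'; the links
  // that follow it (up to the next </div>) sit inside the hidden container.
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  while ((m = scriptRe.exec(html)) !== null) {
    const writes = /document\.write(?:ln)?\s*\(/.test(m[1]);
    const hides = /\.style\.display\s*=\s*['"]none['"]/.test(m[1]);
    if (!writes || !hides) continue;
    const rest = html.slice(scriptRe.lastIndex);
    const end = rest.search(/<\/div>/i);
    const region = end === -1 ? rest : rest.slice(0, end);
    for (const l of offsiteLinks(region, siteHost)) findings.push({ how: 'script-hidden', ...l });
  }
  // Case 2: a container hidden with an inline style attribute.
  const inlineRe = /<(div|span|p)\b[^>]*style\s*=\s*["'][^"']*display\s*:\s*none[^"']*["'][^>]*>([\s\S]*?)<\/\1>/gi;
  while ((m = inlineRe.exec(html)) !== null) {
    for (const l of offsiteLinks(m[2], siteHost)) findings.push({ how: 'inline-hidden', ...l });
  }
  return findings;
}

// Constructed sample: one visible off-site link, one link hidden by an injected script.
const SAMPLE = `<p>Service times: <a href="/calendar">calendar</a></p>
<a href="http://partner.example.org/">Our partner food bank</a>
<script>
elementId = Math.floor(Math.random() * 10001);
document.writeln('<div id="block' + elementId + '">');
document.getElementById('block' + elementId).style.display='none';
</script>
<a href="http://seller.example.net/images/icons/brand-name-products.php">brand name products</a>
</div>`;

console.log(findHiddenOffsiteLinks(SAMPLE, 'church.example'));
```

The regular expressions are a triage heuristic, not an HTML parser: a hit is a reason to inspect the page and the server's files by hand, and a clean result does not prove the site is untouched.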

Now I’m going to finish my coffee.

Branch Offices for Counterfeit Luxury Goods

During one of my strolls through the dark alleys of the web I came across another interesting black hat search engine optimization technique: branch offices for counterfeit luxury goods installed within legitimate sites.  At first observation, the website I saw selling counterfeits looked like any other.  But, after a closer look, the URL appeared to be much longer than the typical domain-based URL like fakestuffseller.com.  Instead it looked like this: http://legitimatesite.com/includes/ice/_vti_cnf/lib/brand/boots/brand-boots.php.  I noticed an extra directory ‘/includes/’ that looked out of place and perhaps would not be in the normal structure of this particular legitimate website.  My next step was to test my theory and delete the extra crap (/includes/ice/_vti_cnf/lib/brand/boots/brand-boots.php) from the URL, leaving it to be simply legitimatesite.com.  As I had suspected, this led me to a perfectly legitimate university website.

The two questions you are asking right now are “how?” and “why?”.  Allow me to enlighten you.  The “how” is similar to what I explained in another recent article I wrote regarding black hat search engine optimization techniques where hackers find weaknesses (like unlocked doors) in websites whose security software is not up to date.  Once that vulnerability is detected, the hacker can install thousands of his own websites within your website without your knowledge and, perhaps, for years before you even notice anything is strange.  The reason they do it is so that they can create tens of thousands of websites selling counterfeits.  Since this is done on a mass scale, the criminal is only minimally affected when your lawyer takes down poor old legitimatesite.com.  He has an unlimited supply.  Now I’m going to finish my coffee.
