Scam websites

More and more people from around the world use the Internet for socializing, for online transactions, buying things, send and receive money,  and about anything they can do involving interaction with other people or companies. Almost all these start with a search for your interest keywords in a powerful search engine and the most powerful is as you know but far from the perfection.

Many hackers using black hat methods can manipulate  the Google search results positioning their scam websites in the top of search results, though for short amount of time until Google blacklist them. Let’s dig a little how this is possible. One of the most factor in Google algorithm for ranking a website is its back links, links from other site pointing to the website in discussion. As a consequence, blackhatters created spam tools like XRumer or SEnuke and named them link building tools. I categorize these kind of tools spam tools and not Search Engine Optimization(SEO) tools because them have nothing to do with search engines exposed rules where the website content quality must prevail for the benefits of the search engine user. Also these tools has the capability to create member accounts  for the forums and even new email accounts used for creating the forums memberships, all these automatically and bypassing captcha verification.

In fact, I find very strange and wrong the search engines behaviour and especially behaviour when they announce clearly  “the content is king” for a website rank, but in the same time pay an excesive attention at website back links making possible for a scam website or for a very low quality content website to occupies a high position in SERP (search engine results position) if it has a lot of back links. This search engines behaviour open a Pandora box, because hackers and blackhatters has coded spamming tools  able to post a message containing very often a backlink or more to their website or promoting a product(see all Viagra advertisements you maybe saw on the Internet) in thousands and thousands of forums and blogs in profiles or members  signatures in a very short amount of time, leading finally to a high position in search engine results.

This is why I find the search engines behaviour somehow deficient, because from the user point of view, I’m interested by the website content and not by the numbers of back links a website has.

However, it’s not the subject of this article how search engine works but is a certain fact that malicious or fake websites find for a short period a great opportunity to rank very high in search engine results for a chosen,  very popular keyword. Sooner or later, after the search engine notice the spam character of  a site back links, the website will be penalized, blacklisted and removed from the search results.

What a blackhatter(hacker) can do with a fake website in its short life until it is blacklisted in search engines ? A lot of things, because the site receive a lot of traffic, that’s mean a lot of opportunities to scam people or to infect them with passwords stealer trojans.

PandaLabs write in an article that every week hackers in conjunction with blackhatters creates and elevates using black hat strategies, in search engines results, almost 57,000 of scam websites with various goals.

About 65% from these sites are clones of the official banks websites tricking the user to type his credentials in the fields and record them in a database. After stealing the login credentials of the visitor in this way, the website can unnoticed redirect him to the official bank website. Online stores and auction sites e.g. eBay fill 27% from the total of 57,000 of fake websites created every week, but any major financial institution(Bank of America, Paypal, the US revenue service), popular gaming site or a popular product website can be the target of this “cloning” attack.

It’s a well-known fact how users searching for the popular UGG boots, a traditional Australian footwear made from sheepskin, can be directed from the search engine to a plenty of fake websites the most selling counterfeit UGG boots Made in China for example.

Therefore, some good habits are compulsory for a safe and clean websites navigation.

  • Don’t click in a hurry on the first retrieved search engine result, check carefully all the retrieved results excerpts from the first pages. If you pay a close attention to them, the common sense will tell you what site is genuine and what is a fake website;
  • It’s recommended to type by hand the URLs in the navigation bar for banks or payment platforms, don’t click on search engine results;
  • Make a habit to hover your mouse over a link and check the status bar of your browser to see the real link hidden under an anchor text;

Another use of the fake websites is to download malware into the visitor’s computer without his knowledge via Java scripts,  ActiveX or another type of scripts, the so-called drive-by download. Disabling the JavaScript or any other script in your browser offer a safer but poor surfing experience sometimes, anyway a lot of people deep concerned about their computer security, opt for it. Besides using an up-to-date antivirus which is a must for preventing computer infections via fake websites, there is some complementary tools able to detect the websites with malicious content in real-time as :

  • AVG LinkScanner® for Windows , a free program offered by the AVG security vendor. This program will check web page before to open it in your browser and will block malicious sites;
  • Dr.Web anti-virus link checker, an addon for Mozilla Firefox will scan any files you want to download or web page you are about to visit with the online version of Dr.Web anti-virus. The software create a new context menu entry on all hyperlinks in a webpage, “Scan with Dr.Web”;
  • As a wonderful Firefox add-on, against the running scripts there is NoScript, providing a very efficient defense against  cross-site scripting attacks (XSS), Clickjacking attempts and script based threats, using a new technology,  ClearClick. The add-on allow the execution of JavaScript or other scripts only from trusted domains of your choice;
  • Not the last method for preventing computer infections via scam websites, there is use of a sandboxed browser. Installing the Sandboxie program, with a click you can surf the Web in an entirely secured virtual environment, any malicious attempt to change something in your system, made by a script, will be outside of your real system environment, in a “sandbox”, a “virus cage”;

All these been said, Happy and Secured surfing !

Posted in Thoughts. Tagged with , .

8 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *