Search Engine Poison and the Federal Government


With the holidays in the rear view mirror we take a moment to look at what online scammers have been up to this season. It is that time of year where the perfect conditions exist for malicious programmers to run their seemingly annual Search Engine Poison attacks.

For those who aren’t aware:

What is Search Engine Poison?

Search engine poison attacks are a technique used by hackers to dupe search engines into displaying malware-delivering sites in an effort to obtain personal information.

How does it work?

Hackers identify sites venerable to Cross Site Scripting (XSS). They then generate a list of URLs that, based on the venerable sites, contain specific search terms and a script that deliver the malware.  Since search engine bots crawl the entire web, these malicious sites are indexed and associated with the key terms embedded in the URL. As a result, the sites are eventually displayed in search engine results, often times higher than legitimate sites.

Here are some of the search queries that have yielded Search Engine Poison this holiday season according to our partner Blue Coat:

  • Christmas Door Decorating Ideas
  • Christmas office party games
  • Black Friday

Search Engine Poison may not seem like an issue for the government. But for many agencies, public search is a daily activity and, for some, it is a necessary element in achieving their mission. Take the Department of Commerce for instance. The United States Patent and Trademark Office employ nearly 7,000 patent examiners. Through the process of determining the validity of a patent, examiners make between 10 to 100 daily searches for information on a variety of topics they are researching.

And let’s not forget that hackers work year round.

Non-holiday search terms leading to SEP have been:

  • Employee Year End Self Assessment Examples
  • Performance Appraisal Phrases
  • Answers to commanders safety course ver. 3.1

As you can see, these attacks are not simply targeting the hapless Cyber Monday shopper.

 How can you avoid Search Engine Poison?

There are several measures you can take to prevent malware. First of all, be aware. Actually look at the links you intend to click. Don’t click on or accept suspicious error message displays.  Since malicious attacks can occur in open sessions, log out of websites when you are finished. And for peace of mind, purchase security software from reputable and trusted sources and only from the vendor’s website or legitimate partners.

For more data and information on Search Engine Poison, check out this Security Blog by Blue Coat.'
Chris Thorne

Chris Thorne is DLT Solutions’ Web Marketing Specialist. He blogs about the digital marketplace and cyber technologies.