The back-and-forth between crackers and good guys played out during March through the ominous-sounding "SEO poisoning" exploit. Independent security consultant Dancho Danchev has been tracking what appears to be a massive assault on Web sites that has evolved over the past several weeks.
Danchev -- who is quoted, referred to or paraphrased in just about every story on the topic -- offers insight at his blog that quickly becomes a bit complex. It is important to note that this type of attack isn't new. In the world of cracking, little-used or even just theoretical exploits exist in the background and suddenly gain favor among criminals.
George Hulme at InformationWeek offers a good explanation of the situation. The exploit takes advantage of iFrames. In an iFrame, a sector of a Web page has separate HTML components from the rest of the page. It is, in essence, a page within a page. Sites often use iFrames to collect information from visitors. This can be set up in a number of ways, and some less-than-careful coders leave openings for crackers. If one fills gibberish in the field asking for the Social Security number, for example, a properly written site notes that something is amiss and asks the visitor to resubmit the information.
Many sites are not well put together, of course. A poorly written site, Hulme says, can momentarily lose its bearings when confronted with, for instance, symbols and letters if it is only programmed to recognize numbers. In such cases, it may be possible for the cracker program to upload a Trojan Horse to the site during this brief period of confusion.
Danchev says the exploit has evolved and now some of the highest-profile sites on the Internet -- a list is included at the link -- are under attack. Many of the reports say Google is filtering its results to delete links to infected links. Larry Dignan at ZDNet comments that it will be interesting to see whether the crackers or Google do a better job of scaling as the attacks grow.
A lot of this quickly becomes difficult for non-coders and non security experts to understand. The bottom line is clear, however: SEO poisoning is a threat only if the site is poorly written. Managers must insist on best-practice procedures that preclude preventable problems such from creating massive woes.