research-article

Open access

A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning

Authors:

Nektarios Leontiadis,

Nicolas ChristinAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 930 - 941

https://doi.org/10.1145/2660267.2660332

Published: 03 November 2014 Publication History

Abstract

We investigate the evolution of search-engine poisoning using data on over 5 million search results collected over nearly 4 years. We build on prior work investigating search-redirection attacks, where criminals compromise high-ranking websites and direct search traffic to the websites of paying customers, such as unlicensed pharmacies who lack access to traditional search-based advertisements. We overcome several obstacles to longitudinal studies by amalgamating different resources and adapting our measurement infrastructure to changes brought by adaptations by both legitimate operators and attackers. Our goal is to empirically characterize how strategies for carrying out and combating search poisoning have evolved over a relatively long time period. We investigate how the composition of search results themselves has changed. For instance, we find that search-redirection attacks have steadily grown to take over a larger share of results (rising from around 30% in late 2010 to a peak of nearly 60% in late 2012), despite efforts by search engines and browsers to combat their effectiveness. We also study the efforts of hosts to remedy search-redirection attacks. We find that the median time to clean up source infections has fallen from around 30 days in 2010 to around 15 days by late 2013, yet the number of distinct infections has increased considerably over the same period. Finally, we show that the concentration of traffic to the most successful brokers has persisted over time. Further, these brokers have been mostly hosted on a few autonomous systems, which indicates a possible intervention strategy.

References

[1]

R. Anderson, C. Barton, R. Böhme, R. Clayton, M. van Eeten, M. Levi, T. Moore, and S. Savage. Measuring the cost of cybercrime. In Proc. (online) WEIS 2012. Berlin, Germany, June 2012.

[2]

K. Borgolte, C. Kruegel, and G. Vigna. Delta: automatic identification of unknown web-based infection campaigns. In Proc. ACM CCS 2013, pages 109--120, Berlin, Germany, November 2013.

Digital Library

[3]

T. Catan. Google forks over settlement on Rx ads. The Wall Street Journal, August 2011. Available online at http://online.wsj.com/news/articles/SB10001424053111904787404576528332418595052.

[4]

comScore. February 2014 US search engine rankings. https://www.comscore.com/Insights/Press_Releases/2014/3/comScore_Releases_February_2014_U.S._Search_Engine_ Rankings, 2014. Last accessed August 26, 2014.

[5]

D. Cornish. The procedural analysis of offending and its relevance for situational prevention. Crime prevention studies, 3:151--196, 1994.

[6]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proc. USENIX Security 2004. San Diego, CA, August 2004.

Digital Library

[7]

Z. Gyöngyi and H. Garcia-Molina. Link spam alliances. In Proc. ACM VLDB 2005, pages 517--528, Trondheim, Norway, August 2005.

Digital Library

[8]

AOL Inc. Open Directory project.http://www.dmoz.org/.

[9]

T. Joachims, L. Granka, B. Pan, H. Hembrooke, and G. Gay. Accurately interpreting clickthrough data as implicit feedback. In Proc. ACM SIGIR'05, pages 154--161, Salvador, Brazil, 2005.

Digital Library

[10]

J. John, F. Yu, Y. Xie, M. Abadi, and A. Krishnamurthy. deSEO: Combating search-result poisoning. In Proc. USENIX Security 2011, San Francisco, CA, August 2011.

Digital Library

[11]

C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamalytics: An empirical analysis of spam marketing conversion. In Proc. ACM CCS 2008, Alexandria, VA, October 2008.

Digital Library

[12]

E. Kao. Making search more secure, October 2011. http://googleblog.blogspot.com/2011/10/making-search-more-secure.html.

[13]

E. Kaplan and P. Meier. Nonparametric estimation from incomplete observations. Journal of the American Statistical Association, 53:457--481, 1958.

[14]

N. Leontiadis. Structuring disincentives for online criminals. PhD thesis, Carnegie Mellon University, 2014.

[15]

N. Leontiadis, T. Moore, and N. Christin. Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In Proc. USENIX Security 2011, San Francisco, CA, August 2011.

Digital Library

[16]

N. Leontiadis, T. Moore, and N. Christin. Pick your poison: Pricing and inventories at unlicensed online pharmacies. In Proc. ACM EC, pages 621--638, Philadelphia, PA, June 2013.

Digital Library

[17]

K. Levchenko, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, A. Pitsillidis, N. Weaver, V. Paxson, G. Voelker, and S. Savage. Click trajectories: End-to-end analysis of the spam value chain. In Proc. 2011 IEEE Symposium on Security and Privacy, Oakland, CA, May 2011.

Digital Library

[18]

Z. Li, S. Alrwais, X. Wang, and E. Alowaisheq. Hunting the red fox online: Understanding and detection of mass redirect-script injections. In Proc. 2014 IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Digital Library

[19]

Legitscript LLC. Legitscript pharmacy validation. http://www.legitscript.com/pharmacies/.

[20]

L. Lu, R. Perdisci, and W. Lee. SURF: Detecting and measuring search poisoning. In Proc. ACM CCS 2011, Chicago, IL, October 2011.

Digital Library

[21]

D. McCoy, A. Pitsillidis, G. Jordan, N. Weaver, C. Kreibich, B. Krebs, G. Voelker, S. Savage, and K. Levchenko. Pharmaleaks: Understanding the business of online pharmaceutical affiliate programs. In Proc. USENIX Security 2012, Bellevue, WA, August 2012.

Digital Library

[22]

T. Moore, N. Leontiadis, and N. Christin. Fashion crimes: Trending-term exploitation on the web. In Proc. ACM CCS 2011, Chicago, IL, October 2011.

Digital Library

[23]

J. Mueller. Upcoming changes in Google's HTTP referrer, March 2012. http://googlewebmastercentral.blogspot.com/2012/03/upcoming-changes-in-googles-http.html.

[24]

A. Singhal and M. Cutts. Finding more high-quality sites in search, February 2011. http://googleblog.blogspot.com/2011/02/ finding-more-high-quality-sites-in.html.

[25]

K. Soska and N. Christin. Automatically detecting vulnerable websites before they turn malicious. In Proc. USENIX Security 2014, San Diego, CA, August 2014.

Digital Library

[26]

The Internet Archive. Wayback machine. https://archive.org/web/.

[27]

VirusTotal. Free Online Virus, Malware and URL Scanner. https://www.virustotal.com/.

[28]

D. Wang, M. Der, M. Karami, L. Saul, D. McCoy, S. Savage, and G. Voelker. Search + seizure: The effectiveness of interventions on seo campaigns. In Proc. ACM IMC'14, Vancouver, BC, Canada, November 2014.

Digital Library

[29]

D. Wang, G. Voelker, and S. Savage. Juice: A longitudinal study of an SEO botnet. In Proc. NDSS'13, San Diego, CA, February 2013.

Cited By

Tsoukaladelis CNikiforakis N(2024)Manufactured Narratives: On the Potential of Manipulating Social Media to Politicize World Events2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00007(17-27)Online publication date: 23-May-2024
https://doi.org/10.1109/SPW63631.2024.00007
Tsoukaladelis CKondracki BBalasubramanian NNikiforakis N(2024)The Times They Are A-Changin’: Characterizing Post-Publication Changes to Online News2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00033(1573-1589)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00033
Phillips JChow YRogers HBlaszczynski A(2024)The search term ‘suicide’ is being used to lead web browsers to online casinosBehaviour & Information Technology10.1080/0144929X.2023.2298307(1-12)Online publication date: 5-Jan-2024
https://doi.org/10.1080/0144929X.2023.2298307
Show More Cited By

Index Terms

A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning

Recommendations

An Empirical Analysis of Search Engine Advertising: Sponsored Search in Electronic Markets

The phenomenon of sponsored search advertising---where advertisers pay a fee to Internet search engines to be displayed alongside organic (nonsponsored) Web search results---is gaining ground as the largest source of revenues for search engines. Using a ...
An empirical analysis of sponsored search performance in search engine advertising
WSDM '08: Proceedings of the 2008 International Conference on Web Search and Data Mining

The phenomenon of sponsored search advertising - where advertisers pay a fee to Internet search engines to be displayed alongside organic (non-sponsored) web search results - is gaining ground as the largest source of revenues for search engines. ...
Boosting Big Brother: Attacking Search Engines with Encodings
RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses

Search engines are vulnerable to attacks against indexing and searching via text encoding manipulation. By imperceptibly perturbing text using uncommon encoded representations, adversaries can control results across search engines for specific search ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Copyright © 2014 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
1,318
Total Downloads

Downloads (Last 12 months)138
Downloads (Last 6 weeks)13

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tsoukaladelis CNikiforakis N(2024)Manufactured Narratives: On the Potential of Manipulating Social Media to Politicize World Events2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00007(17-27)Online publication date: 23-May-2024
https://doi.org/10.1109/SPW63631.2024.00007
Tsoukaladelis CKondracki BBalasubramanian NNikiforakis N(2024)The Times They Are A-Changin’: Characterizing Post-Publication Changes to Online News2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00033(1573-1589)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00033
Phillips JChow YRogers HBlaszczynski A(2024)The search term ‘suicide’ is being used to lead web browsers to online casinosBehaviour & Information Technology10.1080/0144929X.2023.2298307(1-12)Online publication date: 5-Jan-2024
https://doi.org/10.1080/0144929X.2023.2298307
Fittler AFittler MGyörgy Vida R(2023)Stakeholders of the Online Pharmaceutical MarketTelehealth and Telemedicine - The Far-Reaching Medicine for Everyone and Everywhere10.5772/intechopen.108485Online publication date: 25-Jan-2023
https://doi.org/10.5772/intechopen.108485
Stivala GAbdelnabi SMengascini AGraziano MFritz MPellegrino G(2023)From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!Proceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627172(14-28)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627172
Häußler HSchultheiß SLewandowski D(2023)Is googling risky? A study on risk perception and experiences of adverse consequences in web searchJournal of the Association for Information Science and Technology10.1002/asi.24802Online publication date: 6-Jun-2023
https://doi.org/10.1002/asi.24802
Fittler APaczolai PAshraf APourhashemi AIványi P(2022)Prevalence of Poisoned Google Search Results of Erectile Dysfunction Medications Redirecting to Illegal Internet Pharmacies: Data Analysis StudyJournal of Medical Internet Research10.2196/3895724:11(e38957)Online publication date: 8-Nov-2022
https://doi.org/10.2196/38957
Schneider JApruzzese G(2022)Concept-based Adversarial Attacks: Tricking Humans and Classifiers Alike2022 IEEE Security and Privacy Workshops (SPW)10.1109/SPW54247.2022.9833874(66-72)Online publication date: May-2022
https://doi.org/10.1109/SPW54247.2022.9833874
Fittler AAdeniye LKatz ZBella R(2021)Effect of Infodemic Regarding the Illegal Sale of Medications on the Internet: Evaluation of Demand and Online Availability of Ivermectin during the COVID-19 PandemicInternational Journal of Environmental Research and Public Health10.3390/ijerph1814747518:14(7475)Online publication date: 13-Jul-2021
https://doi.org/10.3390/ijerph18147475
Szurdi JLuo MKondracki BNikiforakis NChristin N(2021)Where are you taking me?Understanding Abusive Traffic Distribution SystemsProceedings of the Web Conference 202110.1145/3442381.3450071(3613-3624)Online publication date: 19-Apr-2021
https://dl.acm.org/doi/10.1145/3442381.3450071
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents