New Firefox Extension Can Thwart BHSEO Attacks

[Peaches]

New Firefox Extension Can Thwart BHSEO Attacks

Attackers' own tricks turned against them

The security industry has struggled to come up with an effective solution to block these attacks for a long while now. Practice has already demonstrated that blacklist-based approaches are ineffective, because attackers rotate the malicious links too quickly. Real-time scanning all pages shown in search results before the user actually visits them has brought strong criticism from web developers because the practice was generating extra and unnecessary traffic for their websites.

Zscaler's solution is simple and elegant, as it turns the attackers' own tricks against them. Before delivering the payload, most, if not all of these malicious pages check to see if the visiting user actually came through the poisoned search engine results. This is done by inspecting the Referer field in the request header sent by their browser. Attackers employ this method in order to prevent the landing page from being discovered by crawlers or other automated security scanners.

The Search Engine Security Firefox extension allows setting the Referer header to a particular URL for all major search engines. This will trick the BHSEO landing pages to no longer serve their payload to SES users. However, there are some legitimate uses for websites to know if a visitor came through a particular search engine. That's why the add-on also comes with a whitelist, where users can add exceptions for the websites they trust.

The Search Engine Security add-on can be downloaded and installed from here: http://zscaler.com/researchtools.html

Story … http://news.softpedi...ks-151395.shtml