Replica Handbags and Black Hat SEO

September 11, 2012

Google Gives Update on How It’s Combating PiracyAs I do in a normal day, I was patrolling the mean streets of the web looking for websites selling fakes.  On this particular day, one site came to my attention.  How does a church website with no e-commerce component show up as a top search engine result for replica handbags?  When I examined the website’s source code, I observed that there was a javascript injection placing links into their website unbeknownst to them.

Below is an example of what I observed:

     
     elementId = Math.floor(Math.random() * 10001);
     document.writeln('
‘); document.getElementById(‘block’ + elementId) .style.display=’none’; <a href=”http://xxxxxx.com/db-gestion/pmd/styles/default/images/ icons/brandname/brand-name-products.php”>brand name products</a>

Search engines rank websites based on inbound links from legitimate websites.  A javascript injection like this created invisible links to the bad guys’ website the search engines can see but the viewer cannot.  The way this is done is by finding an open doorway into a legitimate website that does not have the latest security updates.  This is an example of a black hat technique that helps increase search engine results for their illegal site.  The lesson to be learned (besides keeping your software updated) is that there are many hidden efforts behind marketing contraband products and, in turn, many clues left behind if you know where to find them.

Now I’m going to finish my coffee.