Trend Micro threat analysts from EMEA have found a blackhat search engine optimization (SEO) attack that uses strings with the phrase “free printable” to hijack search traffic by directing it to a rogue search engine.
As of now, the cybercriminals’ goal in all these seems to be hijacking search traffic from search engines and redirecting them to their own ones to earn money. If it stays as such is not yet known but users need to be wary since it would be very easy for cybercriminals to change the final landing site of the redirections to a malware-hosting site.
A diagram illustrating how hijacking searches work is shown below.
It is very possible that this blackhat SEO attack takes advantage of the fact that the interest in free printable items is relatively high, especially in South Africa and in the United States.
We are strongly advising users not to use search strings that include the words “free printable,” as the results may lead to malicious websites.
We are currently monitoring this attack and will update this entry for developments.
Update as of January 27, 2010, 5:30 p.m. (GMT +8:00):
Below are screenshots of a page (and its source code) found inside a hijacked website that comes up when using the search string “free printable (some item).”