While poisoned links are most frequently found on search engines, it’s becoming clear that social bookmarking sites such as Digg and Reddit are becoming cybercrime targets as well. Earlier this week, a blackhat SEO expert posted how he was able to drive traffic from Reddit to his blog entries. This report was picked up by media outlets such as The Register.
The attack against Reddit appears to be fairly simple. In essence, all it boils down to is having several newly created accounts vote for an article that the spammer posted. The spammer was able to automate this process. The only significant amount of human input needed was to solve CAPTCHAs for the accounts created.
It also became clear that one cannot perform these attacks with just any sort of content. It has to be of interest to Reddit users and be good enough to get them to naturally vote for it. Otherwise, his link will be quickly discovered, down-voted, or even removed. Optimization techniques like these are useful to give articles a “quick start” but have limitations afterward. More sophisticated attacks involve highly ranked users on the said sites whose votes have more influence.
These attacks can also be used in conjunction with conventional SEO tactics. On its own, a link from Digg and Reddit to a site will boost its Google ranking but other SEO tactics can also boost the ranking of a third-party page. This can be used for unscrupulous marketing efforts.
On their own, these techniques cause no direct harm to users. Owners of sites like Digg or Reddit are the ones likely to suffer, as their reputations may be sullied due to these kinds of links. One can argue that this sort of SEO efforts is shady though it may not be categorized as a form of information theft.
One can draw an analogy to Facebook where purported links to sensational news stories or to free offers invariably lead to surveys. The user is not directly harmed but the site’s “ecosystem” is damaged.
However, these tactics can very well be used by cybercriminals, too. KOOBFACE, for instance, is well-known for using social engineering tactics to get users to click links, much like many survey-based attacks.
Inherently, any site where users can share content like Digg, Reddit, or any other social networking site can be abused. So far, these abuses have not been done to spread malware. However, the tools and methodologies for such have already been developed and it will not be much of a surprise to see cybercriminals use these in the future.