Concetti Chiave
Reflected search poisoning (RSP) allows miscreants to free-ride the reputation of high-ranking websites and efficiently distribute a large volume of illicit promotion texts (IPTs) across major search engines, exposing regular search users to a diverse range of illegal goods and services.
Sintesi
The study makes the following key observations:
-
RSP-based IPTs are large-scale, continuously growing, and diverse in both illicit categories and natural languages. Over 11 million distinct IPTs belonging to 14 different illicit categories have been identified, promoting goods and services such as drug trading, data theft, counterfeit goods, and hacking services.
-
High-ranking websites have been heavily abused in RSP attacks, with 20,330 of the abused websites ranking in the top 1 million most popular websites, 2,113 in the top 10,000, and 854 being renowned educational institutions or 1,144 government agencies.
-
Regular search users are extensively exposed to IPTs, with 46% of searches for popular city names in China returning at least one IPT in the top 10 search results.
-
The underlying illicit promotion campaigns are operated on a large scale, with 83.62% of IPTs embedding instant messaging contacts as the next hops for victims to further interact with the operators.
The study highlights the negative security implications of RSP-driven illicit promotion and calls for more efforts to mitigate this emerging threat.
Statistiche
Over 11 million distinct IPTs have been identified.
13.3 million RSP cases have been observed.
20,330 of the abused websites rank in the top 1 million most popular websites.
2,113 of the abused websites are in the top 10,000 most popular websites.
854 of the abused websites are renowned educational institutions.
1,144 of the abused websites are government agencies.
46% of searches for popular city names in China return at least one IPT in the top 10 search results.
83.62% of IPTs embed instant messaging contacts as the next hops for victims.
Citazioni
"Reflected search poisoning (RSP) allows a miscreant to free-ride the reputation of high-ranking websites, poisoning search engines with illicit promotion texts (IPTs) in an efficient and stealthy manner, while avoiding the burden of continuous website compromise as required by traditional promotion infections."
"IPTs distributed via RSP are found to be large-scale, continuously growing, and diverse in both illicit categories and natural languages. Particularly, we have identified over 11 million distinct IPTs belonging to 14 different illicit categories, with typical examples including drug trading, data theft, counterfeit goods, and hacking services."
"High-rank websites have been heavily abused in RSP-based illicit promotion, while regular search engine users can be exposed extensively to various IPTs."