Democrats.org Blog Spam Contributes to Google Search Poisoning

The other day I blogged about Google Trends being abused to serve malware.  The attackers were not only targeting the most popular search terms, but also manipulating Google’s page rankings to appear high up on search results.   Shortly thereafter it appeared that Google took action against that attack.  In deed a Google spokesperson confirmed that idea.

Today, Brian Krebs blogged on a separate story, but mentioned that while searching for a related term (pifts.exe), Google returned a poisoned link high on the results list.  After doing a little searching I discovered that the relevant term did seem to appear on Google’s top 100 search terms for a brief period.  However, the other terms I checked on Google Trends did not yield high ranked poisoned links as before.  But, I did come across a potential source for the page rank manipulation aspects of these attacks;  www.democrats.org, which is “Paid for by the Democratic National Committee “, and linked to from www.barackobama.com.

It turns out that this high-ranking website has a community blog feature that allows anyone to create a blog and post whatever they want.  Attackers have flooded this forum with bogus posts and thousands of links for more than a month.

Blog spam such as this is not anything new.  However, this highlights one significant effect of such spam and underlines the cause and effect relationship of security on the web.

Web searches are immensely useful and quite powerful.
Web 2.0, where a community of users contributes content for the betterment of the community can be a great thing.
But combined, a bad apple (or thousands) doesn’t just hurt the community; it can hurt a significant portion of the Web itself.