Cenzic 232 Patent
Paid Advertising
web application security lab

Windows Live Italy Being Used Maliciously

Zach sent me a link to a hackin the box article about how Windows Live is being used by blackhat SEO (search engine optimization) to bring malware links to the top of the search results. This marriage between blackhat SEO and hacking is starting to take off. It’s unclear what tactic they used to get to the top of the search results, but clearly, it worked, as they ended up taking over quite a bit of Live’s Italian site.

Once the users were on the Live.com site apparently they were served up links to malware sites. The search engine itself was used as a conduit for sending people to the malicious search pages. This is yet another reason why search engines shouldn’t index XSS. Even if the site is benign, they would be indexing links to malicious pages on benign sites. Anyway, interesting read, and it’s scary that the SEO community is now dabbling in hacking as well. It was only a matter of time.

2 Responses to “Windows Live Italy Being Used Maliciously”

  1. zeno Says:

    Yes, I’ve been researching this for years. This is why engines will turn into wiki/digg based results requiring an account in order to vote up the link relivance. It will happen it is only a matter of time. Yes people will pay click monkeys, however it will still greatly reduce the risk.

    - zeno
    http://www.cgisecurity.com/

  2. Windows Live en Italia dominado por los hackers : Says:

    […] acuerdo a un artículo de ha.ckers.org, la página web de búsqueda Windows Live Search en Italia está dominada por […]