
Reflected Search Poisoning for Illicit Promotion

Published 8 Apr 2024 in cs.CR | (2404.05320v2)

Abstract: As an emerging black hat search engine optimization (SEO) technique, reflected search poisoning (RSP) allows a miscreant to free-ride on the reputation of high-ranking websites, poisoning search engines with illicit promotion texts (IPTs) in an efficient and stealthy manner, while avoiding the burden of continuous website compromise required by traditional promotion infections. However, little is known about the security implications of RSP, e.g., what illicit promotion campaigns are being distributed by RSP, and to what extent regular search users can be exposed to illicit promotion texts distributed by RSP. In this study, we conduct the first security study on RSP-based illicit promotion, which is made possible through an end-to-end methodology for capturing, analyzing, and infiltrating IPTs. As a result, IPTs distributed via RSP are found to be large-scale, continuously growing, and diverse in both illicit categories and natural languages. In particular, we have identified over 11 million distinct IPTs belonging to 14 different illicit categories, with typical examples including drug trading, data theft, counterfeit goods, and hacking services. Also, the underlying RSP cases have abused tens of thousands of high-ranking websites and have extensively poisoned all four popular search engines we studied, especially Google Search and Bing. Furthermore, it is observed that benign search users are being exposed to IPTs to a concerning extent. To facilitate interaction with potential customers (victim search users), miscreants tend to embed various types of contacts in IPTs, especially instant messaging accounts. Further infiltration of these IPT contacts reveals that the underlying illicit campaigns are operated on a large scale. All these findings highlight the negative security implications of IPTs and RSP, and thus call for more efforts to mitigate RSP-driven illicit promotion.
