Scammers stuff PDF documents with junk to help with SEO
2015-07-13, 03:20 PM,
(This post was last modified: 2015-07-18, 01:19 PM by Raman saab.)
#1
These days, every company knows that having its website appear at the top of Google’s results for relevant keyword searches makes a big difference in traffic and helps the business. Numerous search engine optimization (SEO) techniques have existed for years and provided marketers with ways to climb up the PageRank ladder. In a nutshell, to be popular with Google, your website has to provide content relevant to specific search keywords and also to be linked to by a high number of reputable and relevant sites. (These act as recommendations, and are rather confusingly known as “back links,” even though it’s not your site that is doing the linking.)
Google’s algorithms are much more complex than this simple description, but most of the optimization techniques still revolve around those two goals. Many of the optimization techniques that are being used are legitimate, ethical and approved by Google and other search providers. But there are also other, and at times more effective, tricks that rely on various forms of internet abuse, with attempts to fool Google’s algorithms through forgery, spam and even hacking.
One of the techniques used to mislead Google’s page indexer is known as cloaking. A few days ago, we identified what we believe is a new type of cloaking that appears to work very well in bypassing Google’s defense algorithms.
The idea of cloaking is to tell Google’s search engine one thing when it comes looking, but show something completely different to human visitors.
This is possible because search engines give away their presence by setting a special field inside the web request that asks for content. Where your browser might put text like “User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3)” into its web request, Google identifies itself as “Googlebot.”
A cloaked page would serve the Googlebot with content that is stuffed with keywords to suggest that your site is relevant to specific search terms. In the past, this technique was heavily used in malware attacks, so that searching for “Justin Bieber” and then following a link found in search results could actually take you to an exploit-ridden malicious website instead. (This Naked Security article explains how these attacks work.)
But regular visitors would see a regular page, so everything would look normal and no one would realize that there was a problem worth reporting.
The second most important part of search result manipulation is to ensure that Googlebot sees other relevant and well-ranked sites that include links to yours. This lets Googlebot assume that your website isn’t just relevant to those keywords, but is also popular and recognized by other Internet users. To make this happen, legitimate marketers rely on generating attractive content, building cross-linking agreements, promoting sites on social networks and paying for advertisements. On the other side, rogue SEO marketers spam their links on blogs and forums by posting fake comments, create dedicated websites to form a “link farm” and, in the worst case, hack into legitimate sites to plant pages that link to theirs. This technique is known as link spamming.
In response to this, the engineers at Google made a number of improvements to their page-ranking algorithms (notably the Panda engine releases). Those improvements aimed to make it difficult and expensive to achieve high page ranks using malicious methods. Today’s fine-tuned version is doing a good job against known techniques, but this doesn’t stop rogue actors from trying to find loopholes and weaknesses in the algorithm.
Our discovery of a new search poisoning method came from a Sophos Antivirus detection that Jason Zhang of SophosLabs created based on a suspicious-looking PDF file. In short order, we received hundreds of thousands of unique PDF documents per day that triggered this detection.
After quick inspection, we realized that someone was using cloaking techniques to poison search results, but instead of feeding fake HTML pages to the Googlebot, they were using PDFs instead.
As far as we can tell, Google’s cloaking-detection algorithms, which aim to spot web pages that have been artificially (and unrealistically) loaded with keywords, aren’t quite so strict when the bogus content is supplied in a document. It seems that Google implicitly trusts PDFs more than HTML, in the same way that it trusts links on .edu and .gov sites more than those on commercial web pages.
When doing a Google search for keywords found inside those PDFs we found a large amount of similar documents on a number of legitimate, but unrelated and likely compromised, websites. In addition to the heavy use of specific keywords, the PDFs include links to documents planted on other websites, forming a so-called “back link wheel.”
[Image: backlink-wheel.png?w=640]
(Image source: Wikipedia)
This trick seems to have been enough to trick Google into giving the documents an artificially high search ranking.
The final step in the scenario was to redirect the unsuspecting users who click on a PDF link to a promoted website.
We suspect that this technique could be used for a variety of purposes, including the distribution of malware. So far, however, we have only seen it in a marketing campaign to promote so-called “binary trading” broker services.
Here is an example of the first page of poisoned search results:
[Image: poisoned-search-google.png?w=640]
Almost every link that we see on the results page belongs to this campaign. It is particularly successful and obvious when you search for a combination of lower-frequency keywords like “Austria” and “binary trading” as in the example above.
When clicked, the PDF links redirect to the website for a “binary options” trading broker:
[Image: binarytrade1.png?w=640]
At a later stage the same links pointed to a seemingly different get-rich-fast scheme:
[Image: seo-redir.png?w=373&h=138]
In order to see the actual PDF document, we need to select its cached version in Google’s search result, in the menu next to the link:
[Image: pdf-cached.png?w=640&h=575]
A document that looks legitimate at first glance turns into complete nonsense when you start reading it. Also, you can clearly see the hyperlinks placed throughout the document. Those are the links that, when followed, expose the whole link farm to the Googlebot.
Many other phrases and keyword combinations within the document give us a good idea of what else we could search for. A quick analysis reveals that many three-word combinations found in the document would lead to the same PDFs when searched. Even a fairly broad search, like “safe stock trade US” would bring those links to the very top of the results:
[Image: safe-stock-trade-search.png?w=640]
In order to see what happens when Google’s crawler visits the link, we can run a web client program with the User-Agent header string set to “Googlebot”:
$ curl -is --user-agent "Googlebot" "http://www.[WEBSITE].com/?index.php?id=[ARGS]"
HTTP/1.1 200 OK
Date:
Server: Apache
Transfer-Encoding: chunked
Content-Type: application/pdf
%PDF-1.3
1 0 obj
<< /Type /Catalog
/Outlines 2 0 R
[...]
But to observe what unsuspecting users would see if they clicked on what they thought was a link to a PDF document, we can simply use a web browser with developer tools. Here is an example of the redirection chain that takes place:
[Image: redirection-chain1.png?w=800&h=106]
Not surprisingly, the redirection involves some TDS sites (Traffic Distribution Systems) that pass along a unique ID of the affiliate marketer responsible for this campaign.
We provided detailed information about our findings to Google, along with notice about our intent to publish. Google acknowledged our communication but chose not to comment further. We trust that the necessary measures are being taken to counter these search result poisoning attempts.
https://blogs.sophos.com/2015/07/07/goog...ew-tricks/
http://www.csoonline.com/article/2944677...aking.html
http://searchengineland.com/it-security-...nts-224941

SOURCE-: http://seorankingtricks.blogspot.in/2015...-junk.html
Latest Thanks - View all

Jose77(2015-07-19 05:22 AM) killianL337(2015-07-17 08:25 PM) makanaki(2015-07-17 07:17 PM) esmeralda(2015-07-17 10:13 AM) Moneybo(2015-07-17 07:48 AM) kambing(2015-07-17 05:22 AM) Jokondo(2015-07-17 03:39 AM) tirycm(2015-07-17 03:13 AM) SiZiF(2015-07-17 02:31 AM) Danisk(2015-07-17 02:00 AM) Bryan(2015-07-17 01:37 AM) porphyritic(2015-07-17 01:29 AM) MagnesiumSEO(2015-07-17 01:19 AM) blazk(2015-07-17 01:18 AM) g0vi5(2015-07-17 01:10 AM) Calapsss(2015-07-17 01:01 AM) cracky(2015-07-17 01:00 AM) q1snbdy(2015-07-16 11:52 PM) dadada(2015-07-16 11:10 PM) vacworks(2015-07-16 09:33 PM) MasterMind(2015-07-16 08:20 PM) staffer(2015-07-16 07:58 PM) trebol(2015-07-16 07:46 PM) Dejan(2015-07-16 07:27 PM) Pyromaniac(2015-07-16 05:50 PM) alxwanted6k(2015-07-16 05:46 PM) sLk1337(2015-07-16 05:43 PM) wizard74(2015-07-16 05:08 PM) JohnX007(2015-07-16 05:07 PM) ericlavar(2015-07-16 05:06 PM) bossul(2015-07-16 04:58 PM) money007(2015-07-16 04:57 PM) Money Hunter(2015-07-16 04:53 PM) moro1991(2015-07-16 04:45 PM) Mr. Tokyo(2015-07-16 04:38 PM) Peachpies(2015-07-16 04:37 PM) SnackyCPA(2015-07-16 04:03 PM) MIG92(2015-07-16 03:23 PM) Enki(2015-07-16 03:08 PM) cicsmayhem(2015-07-16 03:06 PM) User(2015-07-16 02:41 PM) themann(2015-07-16 01:49 PM) Niki(2015-07-16 12:24 PM) Accipitridae(2015-07-16 12:23 PM) wilhb81(2015-07-16 12:17 PM) - NiNSHUU -(2015-07-16 12:17 PM) antikvar(2015-07-16 11:58 AM) Await(2015-07-16 11:50 AM) Thunderstorms(2015-07-16 11:43 AM) powerboy123(2015-07-16 11:10 AM) Jack Daniels(2015-07-16 11:10 AM) jerrylee(2015-07-16 11:02 AM) Earth(2015-07-16 10:07 AM) android(2015-07-16 10:06 AM) immart247(2015-07-16 10:03 AM) ThaRealGold(2015-07-16 09:51 AM) bigred010(2015-07-16 09:49 AM) croco(2015-07-16 09:47 AM) NutraCash(2015-07-16 09:44 AM) blackseocn(2015-07-15 10:00 PM) bootsevasco(2015-07-14 08:32 PM) vuli(2015-07-14 09:18 AM) filipdavchev(2015-07-13 10:15 PM) strannic(2015-07-13 07:19 PM) RedGunn(2015-07-13 06:27 PM) mantuxas(2015-07-13 05:56 PM) 4WD(2015-07-13 05:28 PM) locmanis(2015-07-13 04:07 PM) SEOEnroll(2015-07-13 04:02 PM) Method(2015-07-13 03:44 PM) DotA4FuN(2015-07-13 03:40 PM) Eye(2015-07-13 03:30 PM) yesman(2015-07-13 03:27 PM) 
Reply
2015-07-16, 09:46 AM,
#2
Nice Work Man. I had seen tons of pdfs popping up in page 1s lately.
Reply
2015-07-16, 04:06 PM,
#3
How to do this? x

pαтιeɴce, perѕιѕтeɴce αɴd perѕpιrαтιoɴ мαĸe αɴ
υɴвeαтαвle coмвιɴαтιoɴ ғor ѕυcceѕѕ
Reply
2015-07-17, 01:06 AM,
#4
nice post.. could you show us how to make a pdf like that or we can make it by copy pasting keywords on pdf and adding hyperlinks to redirect page.. perhaps you could teach us how?
Reply
2015-07-17, 01:15 AM,
#5
The real question, is it still doable? haha
Reply
2015-07-17, 01:18 AM,
#6
Copied content from Forum discussions are not allowed here., locked for thanks. Not cool man.
Latest Thanks - View all

porphyritic(2015-07-17 01:30 AM) 
Reply
2015-07-18, 01:19 PM,
#7
As you say locked remove bro
Reply
2015-07-19, 05:00 AM,
#8
Someone like janonymous shouldn't have to point out that this was a copy/paste. Raman saab should make it ultra clear that this is not his content. Instead he attempted to get some free thanks...

This community deserves better.

~MoneyCashers

Even if you don't believe in yourself... I will. :)

[Image: banner3.jpg]
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Three Powerful Strategies to Hack On-Page SEO LB'Decoy 8 293 Today, 12:29 AM
Last Post: TheCpaMaster
  How to Get More SEO Value from your Nofollow Links LB'Decoy 5 98 Yesterday, 11:17 PM
Last Post: carryminati
  [IMPORTANT] Heights of Negative SEO going Around Be Careful trafficbeast 1 102 Yesterday, 10:55 PM
Last Post: mogansi
  [SEO] Best Traffic Strategies For 2018 Jackprince501 4 177 Yesterday, 01:59 PM
Last Post: Jackprince501
  How to Prevent and Protect yourself from Negative SEO LB'Decoy 10 286 2017-10-19, 09:43 PM
Last Post: emirasor




About Us | Contact Us | CPA Elites | Advertise | Stats | Staff Team

© 2013-2017 CPA Elites Ltd
Enhanced by MyBB and WallBB
Return to top