According to ZDnet, during the past few days, Google Video has been targeted by a group of SEO Blackhatters who have already managed to hijack more than 400K search queries on Google Video.  As a result, users who are tricked into visiting the resulting video link, are taken to an adult website that is serving dangerous malware (W32/AutoTDSS.BNA!worm).  Apparently, this particular group of SEO blackhats have been responsible for a number of blackat SEO campaigns across the web.

What is particularly interesting about this particular attack is that they relied completely on traffic generated to search queries performed on Google Video search rather than organic search.  Additionally, in order to affect the more than 400K keyword queries so far, they have actually been syndicating legitimate Youtube videos for a variety of topics and keywords.

The group of cyber-criminals has a portfolio of 21 publisher domains that they are using to syndicate bogus and non-existent video content to Google Video.  Because they are doing this across 21 domains, duplicating the bogus content to show up dominating a particular keyword result is fairly easy, and it looks like results from different sites.

Here is how the attackers are doing their work:

  1. A user goes to Google Video Search and performs a keyword search.
  2. The user clicks on the video result in Google Video (from any of the 21 domains)
  3. The user is then taken to a single redirection point
  4. The user is then redirected to a well-known adult porn website that displays the following message:  “Your Flash Version is too old, Your Browser cannot play this file.  Click ‘OK’ to download and install an update for Flash Video Player”
  5. The user then is served malware if they are fooled into clicking “OK”


Additionally, the group has cloaked the blackhat campaign to hide it from being detected.  Basically, when they detect that you are a user visiting from Google Video, it then serves the malware whereas if you just browse their site, you will not see this happen.

Tricky, HUH? Google better get their act together soon.  We’ve seen all sorts of flaws with syndicating videos to Google Video  and it doesn’t surprise me one bit that someone figured out a tricky way to leverage the system for this purpose.  Hopefully all you readers realize that such a strategy is NOT the way to go.  We are 100% whitehat and encourage all SEO professionals to utilize ethical, white-hat methods. None-the-less, it is good to be aware of.