Team for Research in
Ubiquitous Secure Technology

Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade
Nektarios Leontiadis, Tyler Moore, Nicolas Christin

Citation
Nektarios Leontiadis, Tyler Moore, Nicolas Christin. "Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade". Proceedings USENIX Security 2011, August, 2011.

Abstract
We investigate the manipulation of web search results to promote the unauthorized sale of prescription drugs. We focus on search-redirection attacks, where miscreants compromise high-ranking websites and dynamically redirect traffic to different pharmacies based upon the particular search terms issued by the consumer. We constructed a representative list of 218 drug-related queries and automatically gathered the search results on a daily basis over nine months in 2010-2011. We find that about one third of all search results are one of over 7 000 infected hosts triggered to redirect to a few hundred pharmacy websites. Legitimate pharmacies and health resources have been largely crowded out by search-redirection attacks and blog spam. Infections persist longest on websites with high PageRank and from .edu domains. 96% of infected domains are connected through traffic redirection chains, and network analysis reveals that a few concentrated communities link many otherwise disparate pharmacies together. We calculate that the conversion rate of web searches into sales lies between 0.3% and 3%, and that more illegal drugs sales are facilitated by search-redirection attacks than by email spam. Finally, we observe that concentration in both the source infections and redirectors presents an opportunity for defenders to disrupt online pharmacy sales.

Electronic downloads


Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Nektarios Leontiadis, Tyler Moore, Nicolas Christin. <a
    href="http://www.truststc.org/pubs/780.html"
    >Measuring and Analyzing Search-Redirection Attacks in
    the Illicit Online Prescription Drug Trade</a>,
    Proceedings USENIX Security 2011, August, 2011.
  • Plain text
    Nektarios Leontiadis, Tyler Moore, Nicolas Christin.
    "Measuring and Analyzing Search-Redirection Attacks in
    the Illicit Online Prescription Drug Trade".
    Proceedings USENIX Security 2011, August, 2011.
  • BibTeX
    @inproceedings{LeontiadisMooreChristin11_MeasuringAnalyzingSearchRedirectionAttacksInIllicit,
        author = {Nektarios Leontiadis and Tyler Moore and Nicolas
                  Christin},
        title = {Measuring and Analyzing Search-Redirection Attacks
                  in the Illicit Online Prescription Drug Trade},
        booktitle = {Proceedings USENIX Security 2011},
        month = {August},
        year = {2011},
        abstract = {We investigate the manipulation of web search
                  results to promote the unauthorized sale of
                  prescription drugs. We focus on search-redirection
                  attacks, where miscreants compromise high-ranking
                  websites and dynamically redirect traffic to
                  different pharmacies based upon the particular
                  search terms issued by the consumer. We
                  constructed a representative list of 218
                  drug-related queries and automatically gathered
                  the search results on a daily basis over nine
                  months in 2010-2011. We find that about one third
                  of all search results are one of over 7 000
                  infected hosts triggered to redirect to a few
                  hundred pharmacy websites. Legitimate pharmacies
                  and health resources have been largely crowded out
                  by search-redirection attacks and blog spam.
                  Infections persist longest on websites with high
                  PageRank and from .edu domains. 96% of infected
                  domains are connected through traffic redirection
                  chains, and network analysis reveals that a few
                  concentrated communities link many otherwise
                  disparate pharmacies together. We calculate that
                  the conversion rate of web searches into sales
                  lies between 0.3% and 3%, and that more illegal
                  drugs sales are facilitated by search-redirection
                  attacks than by email spam. Finally, we observe
                  that concentration in both the source infections
                  and redirectors presents an opportunity for
                  defenders to disrupt online pharmacy sales.},
        URL = {http://www.truststc.org/pubs/780.html}
    }
    

Posted by Nicolas Christin on 1 Oct 2011.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.