Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade

Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade
Nektarios Leontiadis, Tyler Moore, Nicolas Christin

Citation
Nektarios Leontiadis, Tyler Moore, Nicolas Christin. "Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade". Proceedings USENIX Security 2011, August, 2011.

Abstract
We investigate the manipulation of web search results to promote the unauthorized sale of prescription drugs. We focus on search-redirection attacks, where miscreants compromise high-ranking websites and dynamically redirect traffic to different pharmacies based upon the particular search terms issued by the consumer. We constructed a representative list of 218 drug-related queries and automatically gathered the search results on a daily basis over nine months in 2010-2011. We find that about one third of all search results are one of over 7 000 infected hosts triggered to redirect to a few hundred pharmacy websites. Legitimate pharmacies and health resources have been largely crowded out by search-redirection attacks and blog spam. Infections persist longest on websites with high PageRank and from .edu domains. 96% of infected domains are connected through traffic redirection chains, and network analysis reveals that a few concentrated communities link many otherwise disparate pharmacies together. We calculate that the conversion rate of web searches into sales lies between 0.3% and 3%, and that more illegal drugs sales are facilitated by search-redirection attacks than by email spam. Finally, we observe that concentration in both the source infections and redirectors presents an opportunity for defenders to disrupt online pharmacy sales.

Electronic downloads

Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.

Citation formats

HTML

Nektarios Leontiadis, Tyler Moore, Nicolas Christin. <a
href="http://www.truststc.org/pubs/780.html"
>Measuring and Analyzing Search-Redirection Attacks in
the Illicit Online Prescription Drug Trade</a>,
Proceedings USENIX Security 2011, August, 2011.

Plain text

Nektarios Leontiadis, Tyler Moore, Nicolas Christin.
"Measuring and Analyzing Search-Redirection Attacks in
the Illicit Online Prescription Drug Trade".
Proceedings USENIX Security 2011, August, 2011.

BibTeX

@inproceedings{LeontiadisMooreChristin11_MeasuringAnalyzingSearchRedirectionAttacksInIllicit,
    author = {Nektarios Leontiadis and Tyler Moore and Nicolas
              Christin},
    title = {Measuring and Analyzing Search-Redirection Attacks
              in the Illicit Online Prescription Drug Trade},
    booktitle = {Proceedings USENIX Security 2011},
    month = {August},
    year = {2011},
    abstract = {We investigate the manipulation of web search
              results to promote the unauthorized sale of
              prescription drugs. We focus on search-redirection
              attacks, where miscreants compromise high-ranking
              websites and dynamically redirect traffic to
              different pharmacies based upon the particular
              search terms issued by the consumer. We
              constructed a representative list of 218
              drug-related queries and automatically gathered
              the search results on a daily basis over nine
              months in 2010-2011. We find that about one third
              of all search results are one of over 7 000
              infected hosts triggered to redirect to a few
              hundred pharmacy websites. Legitimate pharmacies
              and health resources have been largely crowded out
              by search-redirection attacks and blog spam.
              Infections persist longest on websites with high
              PageRank and from .edu domains. 96% of infected
              domains are connected through traffic redirection
              chains, and network analysis reveals that a few
              concentrated communities link many otherwise
              disparate pharmacies together. We calculate that
              the conversion rate of web searches into sales
              lies between 0.3% and 3%, and that more illegal
              drugs sales are facilitated by search-redirection
              attacks than by email spam. Finally, we observe
              that concentration in both the source infections
              and redirectors presents an opportunity for
              defenders to disrupt online pharmacy sales.},
    URL = {http://www.truststc.org/pubs/780.html}
}

Posted by Nicolas Christin on 1 Oct 2011.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.