When hacked websites are covered in the news it is usually due to information stored on the websites being compromised or malware being added to the website, but many websites are hacked for the less newsworthy goal of getting a top search result. We most often see this type of hack used to try get top search results for pharmaceutical related terms, hence this type of hack is often incorrectly labeled as being a pharma hack. We just ran into a set of websites hacked to reach the top search results for a very different item, UGG boots. The Huffington Post reported earlier this week that UGG boots are the fourth most most popular searched gift on Google Shopping, so it is easy to understand why this term would be targeted. In this case the hackers have been fairly successful in making it to the top of the results. Currently the eighth result for the search term for “UGG boots” in Google is one of the websites they have hacked:
At this point Google has detected that website in question has been hacked, but they haven’t removed it from the search results. To put that place in the results in perspective, major chains DICK’S Sporting Goods, Victoria Secret, and Bloomingdale’s all have their UGG Boot pages showing up on the second page of search results for the term.
Hackers also made it to the eight spot for the term “uggs” using another hacked website:
So how do the hackers gain top spots in the search results? The hackers use two sets of websites that they hacked. The first set are hacked to add links to pages on the second set of website. In the first set of websites HTML code full of links like this are added to the website:
Links are an important factor in how Google decide what pages to show in their search results, so if you can hack a lot of website and insert links to a web page you want to get in the top search results, you can make it happen.
The second set of websites are hacked to show Google content related to the search term instead of their usual content, which is referred to as cloaking. One of the websites in the links above is the website for the Virginia Department of Rail and Public Transportation and you can see the cloaking in action with it. If you do a search for their website right now on Google you will get this listing: