Detecting Stealth Web Pages That Use Click-Through Cloaking

Search spam is an attack on search engines’ ranking algorithms to promote spam links into top search ranking that they do not deserve. Cloaking is a well-known search spam technique in which spammers serve one page to search-engine crawlers to optimize ranking, but serve a different page to browser users to maximize potential profit. In this experience report, we investigate a different and relatively new type of cloaking, called Click-Through Cloaking, in which spammers serve non-spam content to browsers who visit the URL directly without clicking through search results, in an attempt to evade spam detection by human spam investigators and anti-spam scanners. We survey different cloaking techniques actually used in the wild and classify them into three categories: server-side, client-side, and combination. We propose a redirection-diff approach to spam detection by turning spammers’ cloaking techniques against themselves. Finally, we present eight case studies in which we used redirection-diff in IP subnet-based spam hunting to defend a major search engine against stealth spam pages that use click-through cloaking.

tr-2006-178.doc
Word document
tr-2006-178.pdf
PDF file

Details

TypeTechReport
NumberMSR-TR-2006-178
Pages7
InstitutionMicrosoft Research
> Publications > Detecting Stealth Web Pages That Use Click-Through Cloaking