Following several press interviews over the last couple of months, it was clear that many people don't quite grasp how the recent spate of SEO code injection attacks worked. Sure, they understand the concepts of the mass-defacements, but many people seem to think that it's the search engines fault.

In reality, it has very little to do with the search engine itself, it's all about the way the "smart" applications have tried to optimize their page content so they can get better page ranks in the resultant searches of potential customers. This Search Engine Optimization (SEO) can be abused fairly easily.

So, in order to help explain how the attack actually works, and propose some remediation/protection steps, I've created a new whitepaper on the subject - titled SEO Code Injection.

The paper can be found at http://www.technicalinfo.net/papers/SEOCodeInjection.html