Poisoned links plague Microsoft's Bing search

Malware-embedded images are the greatest threat on all search engines

By Taylor Armerding, CSO
October 12, 2012 10:26 AM ET

CSO - Microsoft's Bing is the king of poisoned search engine links. Or, perhaps it isn't.

A recent study by Fraser Howard, a principal virus researcher at SophosLabs, suggested that the risk of clicking on a "poisoned" link while using Bing was more than twice that from using Google, even though Google has more than four times the "market share" of Bing in search engine rankings.

But, those results come with a few caveats. Howard noted both the duration and method of his research in his post on Sophos' Naked Security blog: "Taking data from the last couple of weeks for search engine redirects blocked on our web appliance, it is clear that the majority of the redirects are affecting those using the Bing search engine," he wrote.

Specifically, 65% of those redirects were from Bing searches, while only 30% were from Google.

However, Chester Wisniewski, senior security adviser at Sophos, said: "We are not suggesting that 65% of Bing searches were poisoned, rather that of the poisoned searches encountered by Sophos customers, 65% were from users who use Bing. This might only be 1% -- we don't know -- of all Bing searches."

Wisniewski said this does not mean Howard's survey, brief as it was, lacked credibility. "On the assumption that the results from our poll are somewhat reflective of our customers, approximately 43% of our readers use Google and 20% Bing," he said.

"You could argue, based upon those statistics, that there are four times as many dodgy results on Bing as on Google," Wisniewski said. "That's not the most scientific of studies, but based on my experience this seems to be the case."

Howard said that both Bing and Google are much better at filtering malware-laden text links than image links. He said 92% of malicious results were found via image search queries. Clicking on a rogue image "results in being redirected to a malicious Blackhole exploit site (v2, naturally!)," he wrote.

Francis Bea at Digital Trends reported that cybercriminals use blackhat, or banned, search engine optimization (SEO) to "increase the chances that a URL will appear on the front page of a search engine's results."

Still, the obvious question is: What, if anything, is Google doing that makes it more successful in blocking blackhat SEO and filtering out malicious links?

Wes Miller, of the independent analysis firm Directions on Microsoft, said one factor in Google's relative success could be its long relationship with VirusTotal, which culminated in its recent acquisition by Google.

"It's not known if VirusTotal is the reason for, or helps to prevent, these malicious links," Miller said. "But it needs to be taken into consideration."

"I think that it is possible that Google has generally spent more time and energy protecting users from search-induced malicious content, and this is one of the net results of spending those resources," he said.

Wisniewski said he doesn't know why Google's results were so much better than Bing's, "but they do have a lot more experience at combating people who want to make a living manipulating search engines."
