Search Engines Unsuspecting Pawns in Malware Attacks

Google, Yahoo, and Microsoft MSN have unwittingly become the delivery engine for malware attacks. According to blog posts by Search Engine Journal and Sunbelt Software, attackers are elevating the search result positioning of malware-laced sites by populating web forms on large numbers of web sites with the malicious URLs. The attackers use bots to accomplish the task, and the elevated rankings mean users unknowingly receive search results that may link to infected sites. After clicking a link, they are attacked and infected through a large variety of attacks. Here's an excerpt from the Search Engine Journal:

Hundreds of legitimate search phrases have already been found to pull up links near the top of the results listings that lead straight to the malicious sites. According to Sunbelt Software, they've already found 27 different domains, each containing up to 1,499 bad pages. That's about 40,000 potential pages, which is a pretty big number.

Security threats are like water: they follow gravity along the path of least resistance. Phishing has long been attackers' avenue for gaining an unfair advantage over unsuspecting end users. Because search engine use is so pervasive, search engines are the watering hole of the Internet that everyone frequents. Infect the water supply and you broaden the net of potential victims.

If the problem becomes pervasive enough, it could damage end users' trust in search engines. Retention of search results for commercial use, use by law enforcement, or just leaving an unwanted trail of telltale search phrases has been a sticking point for end users. I doubt the infected search results problem will lead to widespread mistrust, as Google and others will modify their indexing and prioritization algorithms to avoid serving up infected sites.

What should you do? Make sure you have your antivirus and other operating system and browser anti-malware software installed and up to date. If you have a site with a web form for comments and such, make sure it requires the end user to enter a text string from a displayed graphic to help stop the bots. And don't click on search results without first checking out the link to see if it might contain something suspicious.
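As an added example (not code from the original post), here is one way the server side of that "text string from a displayed graphic" check can work without storing the answer in the page: the form carries a signed token, and the post is accepted only for a correct, unexpired, first-use answer. The function names are hypothetical, the key and in-memory nonce store are constructed for the example, and drawing the distorted graphic is assumed to be handled elsewhere.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # signing key, constructed for this example
TTL = 300                          # seconds a challenge stays valid
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # omits look-alikes (0/O, 1/I/L)
_used = set()                      # redeemed nonces; in-memory only for the example


def _tag(nonce, expires, answer):
    """HMAC binding the expected answer to one nonce and expiry time."""
    msg = f"{nonce}|{expires}|{answer.upper()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (text to draw in the graphic, token for a hidden form field)."""
    now = int(time.time() if now is None else now)
    text = "".join(secrets.choice(ALPHABET) for _ in range(6))
    nonce, expires = secrets.token_hex(8), now + TTL
    return text, f"{nonce}.{expires}.{_tag(nonce, expires, text)}"


def verify_submission(token, typed, now=None):
    """Accept a form post only for a correct, unexpired, first-use answer."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires, tag = token.split(".")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False               # malformed or missing token
    if now > expires or nonce in _used:
        return False               # stale challenge or replayed token
    _used.add(nonce)               # one guess per challenge, right or wrong
    expected = _tag(nonce, expires, typed.strip())
    return hmac.compare_digest(tag.encode(), expected.encode())
```

Because each token is burned on its first use, a bot cannot solve one graphic and replay the same token across many form posts.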


Copyright © 2007 IDG Communications, Inc.
