How Google Helps Hackers (Accidentally)

Because of Google's large share of the Internet search engine market, hackers have a vested interest in ensuring that their attacks are effective in poisoning Google results, according to software company Symantec.

"Google's breadth and speed of indexing also play a role," added Symantec, a company involved in providing security, storage and systems management solutions.

Symantec reported that search engine results poisoned with links to fake antivirus software have been a constant problem for Internet users. For cyber attackers, it is an effective way to infect users' machines.

According to Symantec's report on "Rogue Security Software," the culprits behind these "toxic" search results are typically scam perpetrators who use a range of black hat search engine optimization (SEO) techniques to poison search engine results and increase the ranking of their scam websites on search engine indexes. A rogue security software program is a misleading application that pretends to be legitimate security software but provides the user with little or no protection. In some cases, it actually facilitates the installation of the malicious code that it claims to protect against.

Symantec monitored search results constantly, generating statistics on the top search trends every hour and determining how many of the first 70 Google search results were malicious.

The key findings on Google search results, identified between March and April 2010, include the following:

• On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results;

• On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL);

• On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms (see Figure 1);

• The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results;

• Almost all of the malicious URLs redirect to a fake antivirus page.

It is apparent that attackers continue to be effective at poisoning search results. They have an automated infrastructure that can collect the latest, most popular search trends and poison the results, the company said.

Symantec advises netizens to be careful when clicking on search result links, especially when searching for hot search topics. The company also advised following its Twitter feed for the latest news on Internet threats.
