A blog post from cloud security company Zscaler suggests that some Google searches recently returned results with 90% malicious links, and the spammers are using Google Trends to do it.
The example used in the post is a search for [tri energy], a phrase that was the hottest search on Google Trends on Friday, April 2nd. On its first check, Zscaler says 90 of the top 100 results were malicious — 86 of which sent users to a phony anti-virus page that tries to install malware.
For its part, Google is well aware of the problem. “Utilizing popular search terms and events to lure users into visiting malicious web pages is not new,” a Google spokesperson tells us. “Using any Google product to serve or host malware is a violation of our product policies. We actively work to detect and flag sites that serve malware, reacting to the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies.”
One of the common tricks that spammers use is placing malware on what looks like an anti-virus download page; users think they’re downloading helpful software, but they’re actually downloading the opposite. Google says it’s able (and others are, too) to detect these sites more quickly now, and its internal research shows that these fake anti-virus sites have a lifespan of about an hour.
And in fact, the Zscaler post points out that, after rechecking the search results eight hours later, there were still 90 malicious results, but Google had displayed a warning on 87 of them. But if there are so many malicious sites, why bother to show them in the search results at all?
“While attackers can and do generate new malicious websites,” Google says, “it’s more common for legitimate websites to become compromised and then start delivering malware.”
Both Google and Bing offer help to compromised web site owners via their respective webmaster centers.
Last summer, I reported on a McAfee study that detailed the riskiest search terms. In that report, some terms like “lyrics” and “myspace” produced search results pages with 50% malicious links.
I see the malicious sites popping up in virtually every query I run that is related to breaking news. I believe the site operators are using SEO software to monitor trends and automatically position bait-and-switch content on websites in order to trap unsuspecting users.
The problem has gotten so bad over the past few months that whenever Google Chrome pops up a Malware warning I no longer click through to the site — I just accept the warning as is and find something else to click on.
Perhaps I am being unfair to many innocent sites, but it has been a long time since that Malware warning did NOT show me a compromised site (when I clicked through).
They may not have achieved 100% accuracy but they’re doing a pretty good job, in my opinion.
But I have to ask why one hand doesn’t know what the other is doing at Google. Why can’t the algorithm temporarily delist sites that the browser algorithm identifies as being compromised and schedule them for a revisit in a few days?
Ironically, my CAPTCHA says “sought blockade”