Report: Some Google ‘Hot Topic’ Searches Return 90% Malicious Links

A blog post from cloud security company Zscaler suggests that some Google searches recently returned results with 90% malicious links, and the spammers are using Google Trends to do it.

The example used in the post is a search for [tri energy], a phrase that was the hottest search on Google Trends on Friday, April 2nd. On its first check, Zscaler says 90 of the top 100 results were malicious — 86 of which sent users to a phony anti-virus page that tries to install malware.

For its part, Google is well aware of the problem. “Utilizing popular search terms and events to lure users into visiting malicious web pages is not new,” a Google spokesperson tells us. “Using any Google product to serve or host malware is a violation of our product policies. We actively work to detect and flag sites that serve malware, reacting to the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies.”

One of the common tricks that spammers use is placing malware on what looks like an anti-virus download page; users think they’re downloading helpful software, but they’re actually downloading the opposite. Google says that it, like others, can now detect these sites more quickly, and its internal research shows that these fake anti-virus sites have a lifespan of about an hour.

And in fact, the Zscaler post points out that, after rechecking the search results eight hours later, there were still 90 malicious results, but Google had displayed a warning on 87 of them. But if there are so many malicious sites, why bother to show them in the search results at all?

“While attackers can and do generate new malicious websites,” Google says, “it’s more common for legitimate websites to become compromised and then start delivering malware.”

Both Google and Bing offer help to compromised web site owners via their respective webmaster centers.

Last summer, I reported on a McAfee study that detailed the riskiest search terms. In that report, some terms like “lyrics” and “myspace” produced search results pages with 50% malicious links.


About The Author: Matt McGee is Editor-In-Chief of Search Engine Land. His news career includes time spent in TV, radio, and print journalism. His web career continues to include a small number of SEO and social media consulting clients, as well as regular speaking engagements at marketing events around the U.S. He recently launched a site dedicated to Google Glass called Glass Almanac and also blogs at Small Business Search Marketing. Matt can be found on Twitter at @MattMcGee and/or on Google Plus. You can read Matt's disclosures on his personal blog.

  • Michael Martinez

    I see the malicious sites popping up in virtually every query I run that is related to breaking news. I believe the site operators are using SEO software to monitor trends and automatically position bait-and-switch content on Websites in order to trap unsuspecting users.

    The problem has gotten so bad over the past few months that whenever Google Chrome pops up a Malware warning I no longer click through to the site — I just accept the warning as is and find something else to click on.

    Perhaps I am being unfair to many innocent sites, but it has been a long time since that Malware warning did NOT show me a compromised site (when I clicked through).

    They may not have achieved 100% accuracy but they’re doing a pretty good job, in my opinion.

    But I have to ask why one hand doesn’t know what the other is doing at Google. Why can’t the algorithm temporarily delist sites that the browser algorithm identifies as being compromised and schedule them for a revisit in a few days?

    Ironically, my CAPTCHA says “sought blockade”.
