The example used in the post is a search for [tri energy], a phrase that was the hottest search on Google Trends on Friday, April 2nd. On its first check, Zscaler says 90 of the top 100 results were malicious — 86 of which sent users to a phony anti-virus page that tries to install malware.
For its part, Google is well aware of the problem. “Utilizing popular search terms and events to lure users into visiting malicious web pages is not new,” a Google spokesperson tells us. “Using any Google product to serve or host malware is a violation of our product policies. We actively work to detect and flag sites that serve malware, reacting to the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies.”
One of the common tricks that spammers use is placing malware on what looks like an anti-virus download page; users think they’re downloading helpful software, but they’re actually downloading the opposite. Google says it (and others) can now detect these sites more quickly, and its internal research shows that these fake anti-virus sites have a lifespan of about an hour.
And in fact, the Zscaler post points out that, after rechecking the search results eight hours later, there were still 90 malicious results, but Google had displayed a warning on 87 of them. But if there are so many malicious sites, why bother to show them in the search results at all?
“While attackers can and do generate new malicious websites,” Google says, “it’s more common for legitimate websites to become compromised and then start delivering malware.”
Last summer, I reported on a McAfee study that detailed the riskiest search terms. In that report, some terms like “lyrics” and “myspace” produced search results pages with 50% malicious links.