Study: Malicious Search Results More Common In Bing & Image Search

Almost two of every three malicious redirects in major search engines are found on Bing, according to a new report from the web security firm Sophos.

Looking at data “from the last couple of weeks,” Sophos found that 65 percent of malicious search results that its web appliance blocked were from Bing. Google was responsible for 30 percent of the blocked redirects.


Image search is particularly vulnerable to this kind of attack. In a separate chart, Sophos says that 92 percent of the malicious redirects that it found were in image search results.


Sophos is using its own technology here to measure how many malicious redirects it’s blocking. Hackers often compromise legitimate web pages with hidden redirects that often only impact visitors coming from search engines. When a user clicks on a search result expecting to be taken to a legitimate site, the malicious redirect instead sends the user to a malicious site.

Sophos is saying that this is happening more often from Bing’s search results than Google’s, at least over the past couple weeks. A couple years ago, a study that examined malware in search results over a two-month period labeled Google the “King of Malware.”

Related Topics: Channel: SEO | Google: Security | Google: Web Search | Microsoft: Bing | SEO: Image Search | SEO: Spamming | Top News


About The Author: is Editor-In-Chief of Search Engine Land. His news career includes time spent in TV, radio, and print journalism. His web career continues to include a small number of SEO and social media consulting clients, as well as regular speaking engagements at marketing events around the U.S. He recently launched a site dedicated to Google Glass called Glass Almanac and also blogs at Small Business Search Marketing. Matt can be found on Twitter at @MattMcGee and/or on Google Plus. You can read Matt's disclosures on his personal blog.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • Jonathan Hochman

    This seems like a dubious conclusion that two thirds of bad URLs are on Bing. Sohpos is detecting bad urls that appear in Bing, but perhaps there are also lots of bad urls on Google, but Sophos just isn’t detecting them. This could happen if Google is better at listing new urls, such as new urls created by botnets to spread malware.

    Any security strategy that relies on lists of known threats is pretty much doomed to fail. Current malware technology generates new urls on the fly, so by the time something is blacklisted it’s old news. The attacks being launched today are using new urls that haven’t been seen before. Apparently Sophos is catching yesterday’s attacks, which is a lot better than what Bing can do, and somewhat better than Google. This news isn’t reassuring for either search engine.

    In my view the gold standard for threat detection is Damballa. They recently identified heavy click fraud activity targeting Facebook, Doubleclick, YouTube, Yahoo, MSN and Google. So, singling out Bing may be unfair and may be deflecting attention from the real problem.

  • Magic Cube

    They must do something about it. Anyway, you
    also might be interested with the new amazing Celluon Magic Cube, Bluetooth keyboard
    and mouse that provides an ergonomic way of typing on small devices such as
    iPads, iPhones, Tablets, smartphones and more. For more info, please visit a cool and ultra-portable, full-sized virtual
    computer keyboard.

  • Kyle Taylor

    Having used both Google and Bing, I have to respectfully totally disagree with Sophos.
    I get way more “malicious results” with Google than with Bing.
    No contest.

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide