Many of us are seasoned web surfers and tend to be cautious, yet we’re not likely to question a search engine’s output, although we should.
The Barracuda Labs 2010 Annual Security Report, released just days ago, should be an eye-opener for those who blindly assume all search engine results are malware free. In fact, search engine malware has doubled since we last reported on this security issue in 2009.
Barracuda Labs’ most recent study reviewed more than 157,000 trending topics and roughly 37 million search results on Bing, Google, Twitter and Yahoo. Overall, the research results indicated that cyber criminals have bumped up the level of search engine malware, as well as expanded their target market beyond Google.
Key highlights from the search result analysis include:
In June 2010, Google was crowned as “King” of malware, turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed.
As malware spread across the other search engines, the ratios were distributed more evenly by December 2010, with Google producing 38 percent of overall malware; Yahoo! at 30 percent; Bing at 24 percent and Twitter at eight percent.
The amount of malware found daily across the search engines increased 55 percent from 145.7 in June 2010 to 226.3 in December 2010.
One in five search topics leads to malware, while one in 1,000 search results leads to malware.
The top 10 terms used by malware distributors include the name of a Jersey Shore actress, the president, the NFL and credit score.
There’s little doubt that the manipulation of search engine results, the exploitation of legitimate pages, and the seeding of malicious websites among the top results returned by search engines, all in order to infect users with malware, remain a continuing threat to system security.
When a potential victim visits one of these sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.
Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.
Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.
There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.
Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.
One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites, all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
Unfortunately, since cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.
So what can you do to ensure you are protected, or to reduce the chances you will become a victim?
Install an Internet browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety, protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments
Be proactive when it comes to your computer’s security; make sure you have adequate software-based protection to reduce the chances that your machine will become infected.
Fact: Consumer confidence in the reliability of search engine results, including relevant ads, is seriously misplaced.
You can download the full Barracuda Labs 2010 Annual Security Report (PDF) at Barracuda Labs.
Update: March 5, 2011. The following comment illustrates perfectly the issues discussed in this article.
Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.
I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.
11 responses to “Search Engine Results – More Malware Surprises Than Ever!”
An excellent article! All should heed your warning; and your “So what can you do…” list should be implemented in its entirety. Very nice work.
Thank you Paul.
Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons. I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.
Thank you for posting your comment. It illustrates very effectively the dangers we all face on the Web.
As well, it’s a perfect example of just how quickly cyber criminals manipulate current events.
I’m not surprised at the results of that report. Maybe this is a good time to remind people of the benefits of virtualization. I “wouldn’t leave home without it”.
Yeah, you and American Express. 🙂
I hear ya on the virtualization issue – it’s definitely the key to staying safe. If the typical user could get over the virtualization “fear factor”, and run in virtual mode, we’d begin to make some headway in controlling cyber crime, I think.
Danae wrote “I made sure there was the green “O” for WOT for security reasons.”
Bill, does that mean that WOT failed?
I don’t know what virtualization is but is that something which would be outside the range of the Point&Click Brigade?
Thanks for helping me to be safer, although you have to wonder what this world is coming to.
Yes, it appears that it did fail. This points out, once again, that there is no perfect tool.
The concept of virtualization can be difficult for an average user to comprehend – but it doesn’t have to be that way. There are a number of applications that are relatively easy to understand, including BufferZone. Take a look at – Free BufferZone Pro – Maybe The Best Surfing Virtualization Application At Any Price. This application is very easy to use, and the Help file in the application will get you over any rough spots.
“Disable hidden filename extensions”
How does one do this, Bill?
Take a look here – How to Show Hidden File Name Extensions in Windows.
Here’s why this is a good idea: an attacker can send an email with a modified filename. For example, a worm may be attached to an email, let’s call it “LOVE-LETTER.TXT.vbs”, and if the hidden file extensions option is enabled, the .vbs extension will be hidden. The file will appear to be a harmless text file, but if opened the worm will execute and infect the machine.
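The double-extension trick described in the reply above can also be caught before the file reaches the user. This added example (not part of the original post or comments) checks mail attachments for a document-looking extension directly in front of an executable one, and shows the name a user would see with extensions hidden; the two extension sets are partial lists chosen for illustration, and the message is constructed.

```python
from email.message import EmailMessage

# Extensions Windows runs or interprets on double-click (partial list, an assumption).
EXECUTABLE = {".vbs", ".js", ".exe", ".scr", ".bat", ".cmd", ".pif", ".com", ".wsf"}
# Extensions a user reads as "just a document" (partial list, an assumption).
DECOY = {".txt", ".doc", ".pdf", ".jpg", ".png", ".xls", ".zip"}

def shown_name(filename):
    """Name displayed when the final extension is hidden."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot and stem else filename

def is_disguised(filename):
    """True when a decoy extension sits directly before an executable one."""
    # strip() also catches names padded with spaces, e.g. "invoice.pdf   .exe"
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 3:
        return False
    return "." + parts[-1] in EXECUTABLE and "." + parts[-2] in DECOY

def audit_attachments(msg):
    """Return [(real_name, displayed_name)] for disguised attachments in msg."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_disguised(name):
            hits.append((name, shown_name(name)))
    return hits

def build_sample():
    """Constructed message using the filename from the reply above."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("LOVE-LETTER.TXT.vbs", "notes.txt", "archive.tar.gz"):
        msg.add_attachment(b"placeholder bytes, not a real script",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg

if __name__ == "__main__":
    for real, shown in audit_attachments(build_sample()):
        print(f"{real!r} would be displayed as {shown!r}")
```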