Cyber crooks are undoubtedly masters at seizing opportunity, and, they know when they’ve latched onto a good thing. Poisoned search engine results have proven to be a gold mine for the bad guys who, naturally, continue to be unrelenting in their chase to infect web searches.
Since drive-by downloads, which don’t require user action to create an infection, are resident on many of these compromised sites, this is bad news for the unwary Internet user.
This image (courtesy of Sunbelt Software), illustrates the results of a Google search with links to malware infected sites.
Search engines, including Google, do a relatively good job of scanning their index for potentially dangerous sites. Nevertheless, scanning does not detect all potentially dangerous sites – not even close.
To reduce the chances that you will be victimized by malicious search engine results, you should consider installing an appropriate Browser add-on, or if necessary, add-ons, to increase your safety margin. A list of recommended add-ons follows later in this article. But first, take a look at a new Firefox add-on I came across recently.
Search Engine Security turns the table on the bad guys by using using a technique familiar to most hackers – appearing to be something you’re not. Or, more properly, appearing to come from a location you’re not really at.
Basically, the addon changes the HTTP referrer (selectable by you), in the search string so that when you click on a returned link it appears to the link site that you have not arrived from Bing, Google, or Yahoo. In the screen capture above, you’ll notice I’ve changed the referrer header to my site.
Based on the theory that cyber crooks rely on you being directed to their sites by a search engine, and launching malware code only when the referrer string is identified as having come from a search engine, Search Engine Security should provide additional protection.
According to the developer here’s how it works:
This Firefox add-on handles Bing, Yahoo and Google search engines, in all languages. Normally, if a user clicks on a link within search engine results, the HTTP request to the external site contains a Referrer string from the search engine within the HTTP header.
For example, if a user searches for “this is a test” in Google, any request to a search result will include the following Referrer:
For these requests, the add-on changes the Referrer header to a different value. This means that the requested page does not know that a given request came from a Google, Yahoo or Bing search.
This is critical as Blackhat SEO pages only deliver malicious content (fake AV, Flash/Java updates, codecs, etc.) when requests come from the SEO results. Changing the Referrer header, breaks the attack.
Download at: Mozilla
Requirements: Firefox 3.0 – 3.6.*
Additional Internet Browser Protection:
It’s foolish to rely on only one form of protection, it seems to me, so take a look at the following browser security add-ons that are noted for their effectiveness.
It’s important to recognize that cyber-criminals are crafty, and there are no perfect solutions.
Web of Trust (WOT) – WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.
McAfee SiteAdvisor – A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.
Finjan SecureBrowsing – Finjan SecureBrowsing searches major websites as well as search results for malicious content hiding behind links. By accessing and scanning destination URLs in real time, the add-on proactively warns you when a link is potentially dangerous.
ThreatExpert Browser Defender – The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.
AVG Security Toolbar Free Edition – AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.
TrendProtect – TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.
I’ve reviewed and recommended a bag full of Browser security add-ons in the past few weeks, or so. No disrespect intended to those developers who have the public’s interest at heart when they develop Browser security add-ons, but…..
Am I the only one who thinks that building protection into my Brower in this potluck fashion, has reached the height of ridiculousness?
Isn’t it long past the time, when a Browsers should be built with the most appropriate form of protection already on board?
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.