SEARCH MARKETING NEWS

Malware and blackhat SEO targeting Google trends

Links to malware sites pushed up by blackhat SEO techniques are more common on Google than other search engines, according to an internet security firm.

Julien Sobrier of Zscaler, a cloud security firm, claims in a post on the company’s research blog that the problem of malicious links in Google results is significant and growing. It appears that malicious site owners and other disreputable elements of the online world are using trending topics to push their sites up the search rankings. Sobrier says that out of the first 100 results for a popular search term, 15%-20% can contain malicious links.

Sobrier bases his claim on an investigation using the top search term for April 2nd (‘Tri Energy’ – a form of energy efficiency house improvements) and his previous inquiries into popular search terms.

For the “Tri-Energy” search, Sobrier says that more than 90% of the first 100 links were malicious. Whilst the first five links on the first page of results were legitimate, 86 links sent users to a fake anti-virus page that attempted to install malware on the user’s computer. At the time of his search, only four of the malicious links delivered a warning page in Google.

Though he notes that this is an extreme case, using other trending topics Sobrier clearly illustrates that the “overall problem” of malicious use of search engine optimisation “is not rare at all.” On the same day, the #5 trending term (“epic google”) had 50% malicious links in the first 100 results, whilst the #2 search term (“mendicant”) had 38%.

The world’s most popular search engine also appears to be the most popular target for blackhat SEO tactics; using the same search term, Yahoo displayed only four malicious links, on pages 2, 6 and 7, whilst Bing did not show any malicious links. Either Google is the only engine effectively picking up the new pages – created specifically to target trending terms – or Bing and Yahoo have a stricter policy regarding malware and search results.

In a related post, Matt McGee of Search Engine Land writes that a Google spokesperson is aware of the problem. They claim that fake anti-virus sites have a lifespan of about an hour – a claim that would undoubtedly be disputed by Sobrier, whose post claims that it took two days for Google “to start clean up [sic] the results from April 2nd to April 5th in the morning” on the other terms.

However, eight hours later for the original term, 87 of the malicious sites displayed a warning tag in the search results. According to Google, the results aren’t screened out (which may be happening on Bing/Yahoo), because “while attackers can and do generate new malicious websites, it’s more common for legitimate websites to become compromised and then start delivering malware.”