Businesses cannot ignore the risk that search engine poisoning presents and need to install solutions that block out dangerous sites that host malware.
Surfing the Internet is dangerous because URLs have been compromised and search results manipulated to drive traffic to malicious sites.
Pieter Blaauw, security consultant at Performanta
Pieter Blaauw, security consultant at Performanta, speaking at ITWeb's Security Summit yesterday, said surfing the Internet is dangerous because URLs have been compromised and search results manipulated to drive traffic to malicious sites.
Blaauw says search engine results are targeted and malicious sites are unethically populated with common keywords, resulting in surfers clicking through to portals containing malware and their PCs becoming infected.
Blaauw says vulnerable and popular Web sites are also targeted and malicious code used to infect end-users' devices.
Led astray
A 2010 Barracuda Labs report found that Google was home to 69% of search engine malware, while Yahoo hosted 18% and Bing 12%, Blaauw points out. This year, a one-month snapshot showed there were 10.5 million potential victims due to search engine poisoning.
There are tools available online that aid poisoners, says Blaauw. For example, the Black Hole Exploit Kit can be downloaded and subscribed to for $1 500 a year, and it allows users to exploit applications such as PDF, Flash and Java.
When PC users become infected, they are in danger of becoming botnet slaves and having malicious software installed on their machines, says Blaauw. He says free solutions such as Avast WebRep are available, and companies such as Websense and McAfee offer corporate packages.
Blaauw explains that Google became prominent as a search engine in 2000 because it delivered better results due to its page-ranking innovation. The giant was formed two years earlier.
However, in 1999, the page-ranking algorithm started being abused, which led to the creation of the search engine optimisation (SEO) industry, says Blaauw. In turn, this spawned a Black Hat SEO sector, which is the unethical practice of boosting rankings, he explains.
Share