Poisoned search results emerge as top consumer threat

By Byron Acohido, USA TODAY , 18Jun2012, P1B

(See video) Getting  links to viral Web pages to appear among the top results when you query Google  has been a major web threat for several years.

The threat derives from cyber gangs using the same  Search Engine Optimization, or SEO, techniques used by  media companies, merchants and advertisers  to cause links to web pages they want you to visit to turn up high in search results rankings generated by Google, Bing, Yahoo, DuckDuck Go and other search engines and search portals,

The criminal variant, long  known as  Blackhat SEO,  more recently has been referred to as  “poisoned SER” (search engine results,) and “search toxification.”

Call it what you will, poisoned links appearing in search results have emerged as the top way cyber gangs spread scams and infect PC, according to a recent  Web traffic study from Blue Coat Security.

Poisoned search results, in fact, have surpassed e-mail as the main way cybercriminals attempt to victimize Internet users.  That’s the upshot of analysis of Web traffic from over 75 million users on home and corporate networks conducted by Blue Coat Security Labs.

Researchers found criminals are poisoning the search results consumers receive — upon querying Google, Bing and other search service — four times as often as sending out viral e-mail.

The bad guys’ goal in each case: get you to fall for scams or to infect and take control of your PC.

“Searching is at least as dangerous as going into your e-mail inbox and clicking on things,” says Chris Larsen, Blue Coat’s chief malware expert.

Hundreds of millions of consumers world wide use search engines several times a day “mentally predisposed to click on things because we’re exploring,” says Larsen.

Crooks may also be poisoning search results because e-mail defenses have gotten tighter, and most people now know enough to be wary of suspicious messages, says Peter Cassidy, secretary general of the Anti Phishing Working Group.

“When cybercrime gangs have to adjust their attack modality, it means they’re being persuaded by perhaps less than optimal results in the old modalities,” Cassidy says. “They’ve been forced to change their behavior.”

Criminals react quickly to intermingle tainted web links in search results for queries about major news events and celebrity topics. And they also spread links that turn up in results for hundreds of mundane topics, such as recipes and sample letters.

Google and Microsoft, which operates Bing and Yahoo search services, are pouring heavy resources into detecting and eradicating poisoned search results.

“We show millions of warnings to Google search users every day to warn them about suspicious websites,” says Matt Cutts, Software Engineer and head of Google’s Webspam team. “A combination of automated and manual processes helps us respond quickly to evolving threats and stay a step ahead.”

Even so, the attacks are getting through. In 2011, 26 million new samples of malicious software were detected on the Internet. And an estimated 39 percent of the world’s PCs are currently infected, according to the Anti Phishing Working Group.

Poisoned search results add to mix of bad things lurking on the Internet. “People are very much aware of conventional e-mail phishing,” Cassidy says. By contrast, he says, “search poisoning is a relatively new vintage for most people.”

Consumers can help themselves and the overall problem by becoming as wary of web addresses, or the URLs, associated with links that turn up in search results, experts say. For instance, avoid clicking to links that include .ru (Russia,) or .cn (China) when it does not make sense.

–Byron Acohido