Google SEO poisoning: The saga may continue


Another round of bogus malware-touting sites may be headed toward Google's search results again, according to the researcher tracking the issue.

Earlier today, Sunbelt Software reported that Google had eradicated the malware scourge hampering search results. That move had apparently closed the loop on a rash of malware in Google's results from Monday and Tuesday.

In an update, however, Sunbelt argues that there are indications that another round of sites is being registered with the .cn domain. The catch this go-round: There are two types of fake sites being registered--and that could mean there are two groups involved. For its part, Google has asked the public for help.

It appears the first round of sites comes from the same bunch behind the prior attack. Now there's another group involved. Check out this screen from Sunbelt (there are more on the Sunbelt blog).

Sunbelt writes in its blog:

There are apparently two different groups at work here. One we’ll call Type 1 -- which appears to be the same group involved in the prior poisoning. And the other, we'll call Type 2 (sorry, not very original, but we’re working fast here).

According to Sunbelt, it's not clear that these new sites are gearing up to deliver malware. But anything is possible. And it's not like Google is a small target. There's a lot of hacker glory in screwing with Google.

Topics: Google, Malware, Security

Talkback

  • And...

    ...people in Indonesia get a caning for chewing bubblegum!
    D T Schmitz
    • I believe you're thinking of...

      Singapore.
      MGP2
      • Is that you Kreskin? (kidding)

        I stand corrected.
        D T Schmitz
  • RE: Google SEO poisoning: The saga may continue

    I think you are deliberately attacking Google rather than reporting as a professional. I can agree with your last post but this one with site:cn is very deliberate.
    kyawam
    • Huh?

      Your post wasn't very clear. Are you upset because he blogged about Google, or because he called out the Chinese?

      If you're upset because he mentioned that, once again, this is originating in China, too damn bad.

      He stated a fact. Why are you whining about it? If you're Chinese and you don't like the fact that someone is finally pointing out what a garbage dump .cn is, how about working on getting your government to clean up that cesspool?

      But until then, spread the word everyone: Friends don't let friends search with Google unless they add -site:.cn to their search strings!
      Hallowed are the Ori
    • Double Huh

      I don't know whether you have a language problem or a logic problem, but your posting makes absolutely no sense to me whatsoever.
      greybeardtechie
  • Add the phrase "-site:cn" (without quotes) to Google searches

    If China doesn't want to help us fight cybercrime, block them out of your search results.
    Knorthern Knight
    • Don't forget .ru

      That's where I saw this years ago.
      rpmyers1
    • Is there a way to do this in firefox?

      I did a quick google on this, and also looked in the firefox preferences but didn't see a way to do this.
      enduser_z
      • I think you'll have to do it manually

        I think you'll have to type in -site:.cn, or .ru, etc.

        This would be a FANTASTIC feature for FF 3 or an add-on.
        Hallowed are the Ori
        • No, it would stink

          No, making this an automatic feature for FF3 would be a really bad idea. Maybe *you* can still find what you are looking for by confining yourself to other sites, but some of us really *do* need to search .cn or .ru sites.

          Far better to leave this to users to do by hand, since the need varies so much from user to user. I, for example, really do often want to search .net, .com *and* .ru sites, but never .cn. Others will really need .cn, so they need a different (more difficult) solution.
          mejohnsn
          • Geez...

            I didn't mean it should be hard-coded into the programming, I meant it should be a configurable feature, wherein a user could go into it and type in domains that they did not want to have included in their results.

            If you did not want to see the results from the trash domains, you simply would go into the options and set up filtering on cn, ru, es, sg, etc.

            If you did want their results included, you simply wouldn't set up the filtering.
            Hallowed are the Ori
    • Add the phrase "-site:cn" (without quotes) to Google searches

      I tried searching on FUNNY JUNK and got 245,000 hits. If I search on FUNNY JUNK -SITE:.CN (the actual searches were lower case) I get 252,000 hits. ????? Setting my preferences to return only pages written in English results in 227,000 with or without the -site:.cn. I am not convinced that the -site:.cn is doing what we would like it to do. And if it did, it would be nice of Google to put it in the preferences so we don't have to enter it for every search.
      GKSeifert
      • A halfway fix...

        You can try this addon: https://addons.mozilla.org/en-US/firefox/addon/743

        It won't actually remove the .cn or .ru results, but it does convert them all to light gray text and leaves the "real" results alone, making them easier to distinguish.

        It's not a complete fix, but it beats nothing if you don't want to add the filter string to every search you perform.
        Hallowed are the Ori
      • Google hits (Ghits)

        When Google tells you that you are looking at results 1 - 10 of *about* 252,000, that *does not* mean that there are actually 252,000 results. Google only comes up with a very rough estimate before displaying the results page to you. If they actually went through their data to come up with an exact figure for the number of results, that would take as long as if they went through all the data to pull up all the results for you on one enormous page. It would take far, far too long.

        This is a widely misunderstood aspect of Google. I often see people bandy about the number of Google hits for this or that search, and I cringe every time I see it. You just can't use those numbers in that way, and you can't compare them in the way you did above.

        (If you jump ahead to page 10, page 20, and so on in the results, you will often find that the actual results run out long before the estimated number of results that you got with the initial search result page.)
        DavidConrad
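The configurable filter and the "gray out" add-on discussed in this thread, sketched as an added example (not code from the article, from any commenter, or from the add-on linked above). The function names are hypothetical and the sample links are constructed; matching is done on hostname label boundaries so that a blocked entry of `cn` catches `example.com.cn` but not `cn.example.com`.

```javascript
// Added example: user-configurable TLD filter for search-result links.
// All function names here are hypothetical, chosen for illustration.

// Accept "cn", ".cn" or " .CN " from a preferences box and return "cn".
function normalizeTld(entry) {
  return entry.trim().toLowerCase().replace(/^\.+/, "").replace(/\.+$/, "");
}

// True when the hostname ends in a blocked suffix on a label boundary.
function isBlockedHost(hostname, blocked) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop FQDN trailing dot
  return blocked.some((tld) => host === tld || host.endsWith("." + tld));
}

// Split result URLs into kept / dimmed according to the user's list.
// Links that do not parse are dimmed rather than silently kept.
function partitionResults(urls, blockedEntries) {
  const blocked = blockedEntries.map(normalizeTld).filter(Boolean);
  const kept = [], dimmed = [];
  for (const raw of urls) {
    let host;
    try {
      host = new URL(raw).hostname; // the real host, not userinfo before "@"
    } catch {
      dimmed.push(raw);
      continue;
    }
    (isBlockedHost(host, blocked) ? dimmed : kept).push(raw);
  }
  return { kept, dimmed };
}

// Append the -site: operators the commenters were typing by hand.
function buildQuery(terms, blockedEntries) {
  const ops = blockedEntries.map(normalizeTld).filter(Boolean)
    .map((tld) => `-site:.${tld}`);
  return [terms.trim(), ...ops].join(" ");
}

// Constructed sample links (not taken from the article).
const sample = [
  "http://example.com/funny",
  "http://pics.example.cn/funny",
  "http://EXAMPLE.COM.CN./a",
  "http://cn.example.com/",
  "http://example.cn@example.org/",
  "not a url",
];
const result = partitionResults(sample, ["cn", ".RU "]);
console.log(buildQuery("funny junk", ["cn", ".RU "]), result);
```

Because the filter runs on the links actually returned, it does not depend on the estimated hit count changing when the `-site:` operator is added.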
  • What's the news, that people are finally noticing?

    This kind of thing has been going on for years, with spyware, phishing sites, and worms being promoted by "search engine optimization" search-spamming techniques. Has it truly taken this long for people to notice?
    Resuna
    • Agree

      What we have here is a company that makes products for sale (Sunbelt) being the "first" to "expose" this nasty stuff. But, it's been around for a long, long time. Actually, this is genius on the part of Sunbelt, whose anti-spyware lags behind Spyware Doctor, SpySweeper and others. What a great way to promote one's business when you write a blog "exposing" things that have been around for many years.

      What's going to happen here, is that Sunbelt is going to get a lot of free advertising, Google is going to be put in a position of becoming a censor, and someday, Sunbelt will be writing blogs about how Google is censoring search results and get more free publicity.

      Whenever I see a commercial enterprise selling products that are directly related to what they are blogging about - I can't help but think there's a bit of a conflict of interest; especially when the blogs are not well-written, not well-researched, and point out the obvious. It's nothing new that search engines return results that include pernicious sites and sites promoting malware.

      When will people realize that they have to start taking responsibility for their own actions? Spam is such a huge problem today because morons continue to buy products that are advertised in spam. Spyware is such a big problem because idiots really think those 3D Screen Savers, Smileycons, and other glitzy desktop applications that bombard users with ads and track their movements are free. People download Trojans and infect their computer because they don't think before they click. And companies like Sunbelt pander to the idea that the solution is their software or Google changing its algorithms to exclude nefarious sites. Well, if one takes the logic of Sunbelt to its obvious conclusion you can see where it leads. It's damn good for business if you can hit on a topic that is hot and lead people to your site - and get ZDNet, et al. to pick up your blog and report it as news. In this case, Sunbelt's blog is not news. It is, in my opinion, a public relations promotional bonanza for Sunbelt - who is getting millions of dollars' worth of free advertising by blogging about some "new" threat that isn't new at all and getting popular sites like ZDNet to buy into it.

      And looking at the responses to the original blog and to this article it appears almost everyone else is buying it too.

      What a pity that we continue to ignore the simple truth that people who use the Internet need to learn more about what they're doing, stay informed and use their heads when they use the Internet.

      Sunbelt's blog does nothing but state the obvious and rehash things that have been happening for a long time as if it were some altogether new threat. It's good for Sunbelt but this sort of massaged information just propagates the idea that no one is responsible for their own actions, that it's always someone else's fault. This time it's Google's fault. Next time? Who knows.
      tiagara
  • Google's advanced search...

    Under "Advanced Search" you have an option to exclude domains. Simply add ".cn, .ru" and it would seem the bulk of the problem sites would be eliminated from your searches.

    Just my two cents.
    Lee
    lawentzel
  • Google, now's your chance to add value: Malware-test your hits

    If one can spider the Web and collect mere URIs, why not go a step further and develop an algorithm that parses page contents at each URI for potentially dangerous downloads, autotests them, and then greenlights or redlights addition of that top-level URL to Google's database? Now *that*'s added value.
    dpnewkirk