Google tops comparative review of malicious search results

Google tops comparative review of malicious search results

Summary: A two-month study by Barracuda Labs, reviewing more than 25,000 trending topics and 5.5 million search results, names Google as the most popular search engine used by malicious attackers relying on poisoned keywords.

SHARE:
17

According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords.

The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google's leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine.

Key highlights of the study:

  • Overall, Google takes the crown for malware distribution – turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
  • The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
  • Over half of the malware found was between the hours of 4:00 a.m. and 10:00 a.m. GMT. The top 10 terms used by malware distributors include the name of a NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

Interestingly, based on the data gathered, the most popular topic of choice for cybercriminals were spyware related searches, followed by entertainment news, with hosting sites, P2P and proxies related searches showing a significant growth. What's worth highlighting while interpreting the data, is that it's only valid for a specific period of time. How come? Controversial to the common misunderstanding that cybercriminals are picky about popular search terms, what they do is automatically syndicate the Web's buzz for their malicious purposes.

Poisoned search engine results have been an active tactic in the arsenal of the cybercriminal for several years. The practice, known as blackhat SEO (search engine optimization) is now the primary source for hijacked legitimate traffic, which in a combination with the automatic compromising of hundreds of thousands of legitimate sites, exposes end users to everything a cybercriminal has to offer.

Go through related posts:

Although, Google's aware of the situation, and is catching up pretty fast, cybercriminals remain ahead of the game, doing nothing else but playing by the SEO book. For instance, in a report released by Google in April, the company found out that scareware accounted for 15% of all malware, and that scareware represented 50% of the malware delivered through malvertising. The thing evasive practice that cybercriminals took advantage of to achieve these results, is by checking for the correct HTTP referrer.

Poisoned search engines are the inevitable result of the real-time Web, allowing cybercriminals to take advantage of the same tools and tactics, that legitimate marketers do. But being the market leader in online search, means that in 2010 your crawlers shouldn't be that easily tricked into loading the legitimate content, with the malicious one served to the average Internet user.

What do you think? Is Google doing enough to protect its users from poisoned search engine results? Most importantly, can Google protect the end user from himself at the end of the day? Would the current situation have been any different if, for instance, Bing or Yahoo was the market share leader in online search?

Talkback.

Topics: Browser, Google, Malware, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

17 comments
Log in or register to join the discussion
  • And what are we to conclude? This is sort of meaningless

    Unless you provide a break-down of malicious search results further, by O/S and vectors of infection.<br><br>It only means there is a large body of users using Google and who mostly likely are surfing with Windows.
    Dietrich T. Schmitz, ~ Your Linux Advocate
    • RE: Google tops comparative review of malicious search results

      @Dietrich T. Schmitz, Your Linux Advocate
      We are to conclude that Google, as many instances of past has taught me, continues to be a constant source of Internetworking Cancer.

      The misuse should have been, and likely was to some degree, anticipated and actively protected against. I see little consumer protection from Google in the management of its own services.

      Android platform, 30% [or so] malware apps? Fits right in with what this report is saying regarding Google.

      It is much of an ethical debate whether Google is doing enough to protect the end users from its own search engine or applications and other practices.
      ryanstrassburg
      • RE: Google tops comparative review of malicious search results

        @ryanstrassburg

        If people question whether they are doing enough, those people are obviously finding their computers invested with malware because they're not fortunate enough to know not to click...

        Simple fix, get a webshield antivirus or don't fall for malware.
        xetelian
  • RE: Google tops comparative review of malicious search results

    Google is the biggest source of malware. They are spying on everyone who uses their productis or services. Who is supposed to protect us from them? And, they are platform independent.
    jorjitop
    • RE: Google tops comparative review of malicious search results

      @jorjitop Really....they are not the biggest source of malware. They just provide links. Google even WARNS you of malicious sites, has developed a browser that has not been hacked at CANWEST yet, and overall is committed to protecting you.

      Spying...I don't think so
      rjacksix
      • RE: Google tops comparative review of malicious search results

        @rjacksix <br>I think jorjitop was trying to say that all Google's services <i>are</i>, effectively, malware in being a form of "spyware" -- in other words, just another stereotypical opportunistic propagation of Google hysteria/paranoia, with nothing of substance offered to justify it, as usual.
        spectre0
      • RE: Google tops comparative review of malicious search results

        @rjacksix

        First off, it's CanSecWest.

        Secondly, anyone who cites that as support for the relative safety of one platform versus another has thrown their credibility out the window. It's a contest--and a poorly structured one at that--that contains none of the rigorous controls one might expect in a true security testing environment.

        Third, most of the code running under-the-hood in Chrome was developed by Apple and was given to the public via its open source project Webkit which Google uses in Chrome. So no, Google does not get credit for developing a browser that has not been hacked there.
        Andre Richards
  • Statistical Invalidity

    Wow, Google has like 90% of the search market, so the fact that they have 69% of the malware poisoned strings actually means that they do a BETTER job at filtering these things (when things are NORMALIZED). This is the problem with NUMBERS. If you don't understand them, you can make them say ANYTHING.

    If Google were as bad as the other providers then everyone's distribution of malware would equal their market share in search. So, if you want to really get a sense of who the bad actors are, line up their market share with their amount of malware infested links. You'll find that Yahoo and Microsoft are doing a much worse job than Google.

    And in this case, the fact that it is taking less than 25% of the time for links to show up in Google is even more statistically significant, because it points to the fact that Google is "fresher" and more able to keep it's content relative.
    rjacksix
    • RE: Google tops comparative review of malicious search results

      @rjacksix Quite right, you know sometimes I wonder what zdnets criteria is when hiring "journalists" or checking copy, I suspect it is just "throw content up there, some idiot will swallow it". Terrible job Dancho, and I for one won't be reading a word you write in future. For reference it took me 30 seconds to find the market share figures: Google: 85% market share, 69% malware, Yahoo: 5.99% market share, 18% malware, Bing: 3.34% market share, 12% malware.

      So "Google Tops Table of Search Companies Doing the Most to Halt Malicious Code", would perhaps have been a better title. Almost like he reprinted the article verbatim from Microsoft isn't it?
      richard.gardner@...
      • RE: Google tops comparative review of malicious search results

        @richard.gardner@... Amen!!!
        peter.mukerjee@...
  • Protect the End User From Himself? Can Anyone?

    I've been working in IT for eleven years, and I've been using computers for twenty five years, and I have yet to see anyone who can protect the end user from himself but the end user.
    CFWhitman
    • RE: Google tops comparative review of malicious search results

      @CFWhitman Bravo...
      stevek@...
    • RE: Google tops comparative review of malicious search results

      @CFWhitman
      i'm with you on that. i can clean these computers over and over, but since humans are using them, it wil never end...
      vbg1rl68
  • RE: Google tops comparative review of malicious search results

    Google handles most of the internet searches so this does high percentage does not surprise me. What sites you go to, especially if you look at porn scum, determines the attacks much more than the search engine. I suggest Firefox with WOT (web of trust) add-on. Caution, even WOT can send you to a clean site and then that site can send you to a malware enhanced site.
    A good rule is to use WOT and a good AV/Malware Program and avoid sites that are questionable. -- Some folks want others, government, etc to be their nanny when if they just use good judgment they could avoid a lot of problems.
    daledor
  • RE: Google tops comparative review of malicious search results

    It is relatively interesting that the only numbers that you are using to refute a post about the relative malware distribution are ones provided by NetMarketShare and not comScore, the usually quoted and recognized market authority on search engine market share. You can debate "gaming" practices, but even if we take both of these together (comScore reported 62.6% for Google in June), it is far from a clear cut answer as to whether Google has a proportional share of malware distribution. From a security perspective, it strikes me that if companies like WebSense and Cisco (amongst others) can provide dynamic content scanning of search results specifically taylored to help trim out malware results... why can't the search providers themselves (be it MS / Yahoo / Google or a niche player not discussed)? At that point, aren't all of them equally not living up to what we should expect of them?
    selliott80919
  • This is a terrible article

    Could there be any more wasted time in 'discovering' that the most popular is always the leader in where things happen? Why would malware be on engines that aren't used?<br><br>Thanks for 10 Paragraphs and a pie-chart to state the most common sense statistically obvious data...that has nothing new to offer.<br><br>This seems like a blatant attempt to drive users away from Google, which is disgusting.
    xetelian
  • Your comment's odd, Andre Richards -

    ?Third, most of the code running under-the-hood in Chrome was developed by Apple and was given to the public via its open source project Webkit which Google uses in Chrome. So no, Google does not get credit for developing a browser that has not been hacked there.? - considering that <b>Safari</b>, which runs <b>Webkit</b> was one of the browsers that was pwned at this year's CanSecWest. Under these circumstances, it would seem that <b>Google</b> certainly does deserve credit for doing what <b>Apple</b> showed itself unable to do ; <i>viz</i>, creating a browser on the basis of <b>Webkit</b> which wasn't easy to hack....

    Henri
    mhenriday