Bing gives cleaner results than Google, says F-Secure

Microsoft's Bing search engine returns fewer links to sites which push fake antivirus software than Google, according to security company F-Secure.

F-Secure compared the top 20 search results from the two search engines, and found that Bing returns fewer links to sites which launch fake antivirus popups.

For example, for the search term "russian launch keys", which was one of the 'hot topics' on Google Trends last Monday, 19 links in Google brought up fake antivirus software popups.

The same search term used with Bing brought no such links, F-Secure security advisor Sean Sullivan told ZDNet UK on Thursday.

"We know [the tricksters] are looking at Google's algorithm," said Sullivan."Search engine optimisation attacks against Google are very successful."

Rather than there being any difference in the inherent strength of the search security around Google and Bing, said Sullivan, Google is simply a larger target. As Google is the world's largest search provider, online confidence tricksters had more motivation to game the Google algorithm.

The tricksters use the same search engine optimisation techniques as legitimate sites, F-Secure director of antivirus research Mikko Hypponen told ZDNet UK.

"Black hats eagerly target new hot topics, for example an earthquake," said Hypponen. "They can create new pages and artificially generate a higher Google rank."

One means of artificially boosting Google ranking is to then use automated bots on discussion forums to post links back to the newly created site, said Hypponen. Google thinks the site is popular, and gives it a higher page rank.

Once users click through to the site, which will contain numerous keywords, they are either redirected to another site with a drive-by download, or an iFrame is launched that contains the fake antivirus software.

The user's computer is 'scanned', and the user told that their computer contains malware. They are then offered antivirus software which will 'clean' the computer. One of the problems with detecting these scams is that antivirus companies traditionally don't add the fake software to their list of binaries to be blocked, said F-Secure.

Google declined to comment specifically on fake antivirus results. However, Google said it acted quickly to mitigate other online threats, and used automated scanners that look at Google's index of websites to detect malware and phishing attempts.

"Pages that are identified as potentially harmful by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites," said a Google spokesperson.

Using any Google product to serve or host malware is a violation of Google product policy, said the spokesperson.

"In all cases, we actively work to detect and remove sites that serve malware from our search index and our ad network, and we immediately suspend accounts found to contain ads pointing to sites that install malware," said the spokesperson. "To do this, we have manual and automated processes in place to enforce our policies."

Google said that no product could be 100 percent secure.

"No solution is perfect, and we know that malware authors will continue to come up with new ways to distribute malicious software," the spokesperson added. "We're committed to exploring new ways to detect and respond to malware."

Microsoft declined to make any comment.