What Search Engine Poisoning Is & How It Spreads Malware [MakeUseOf Explains]

If you thought malware popups and relentless email spam were the worst of it, think again. There’s a new contender on stage and it’s spreading malware like butter in desert heat. It’s called search engine poisoning and hundreds of thousands, even millions, of people have fallen victim to it all over the globe.

Here’s the thing about malicious intent: the worst forms of villainy occur when the bad guys take something that is good and use it for evil. The search engine is a fantastic development. Without it, we wouldn’t have Google–and where would the world be without Google? But search engine poisoning is all about taking that good search engine and manipulating it to do something dastardly.

But before we can talk about the actual poisoning of search engines, we need to talk about search engine optimization.

Search Engine Optimization 101

Search engine optimization (SEO) is a legitimate tactic used by web owners to optimize their websites for search engine placement. Go to Google and search for anything–fishing, video games, clothing brands, news articles. Now, scroll down through the results. In most cases, your desired result will be on that first page.

How many times do you ever click “Next” to skim through more results? How often have you gone to the fifth page? The tenth? My bet would be on “extremely rarely.” And that is why SEO is so valuable. The more you optimize your website, the higher it will be ranked, thus more people will visit it.

Search engines keep their search result ranking algorithms guarded well–perhaps even better protected than Colonel Sanders and his chicken recipe. However, we do know a few things about search ranking criteria:

  • Webpages that are cross-linked within the same domain or website receive a higher search ranking. Similarly, if a certain page has many incoming links from outside sources, its ranking will increase.
  • Search keywords and search phrases play a major role. Thus, if you want to target a particular phrase (e.g., “gardening tips”), you’ll need to repeat that phrase multiple times throughout your page(s). This is called “keyword stuffing.”
  • Proper page structure (bolding, anchors, H1 tags, etc.) will help raise your ranking because it helps search engine crawlers to better parse your web content.

There are numerous other factors involved; the above were just examples to show you a glimpse of what SEO is about.

Poisoning Search Results

Now that you know about SEO, we can move on to search engine poisoning (SEP). SEP is a method that malicious spammers use to quickly spread malware around the Internet. Remember how I mentioned malware popups and email spam? Well, SEP is on a whole other level.

SEP can be viewed as a corruption of SEO. Whereas legitimate websites use SEO to gain higher rankings in a search engine, malware producers use SEO to place their malware-spreading pages high in search engine results. Most web users tend to trust the first page of a Google search, and that makes it a prime location for catching users off guard.

So in theory, you could search for “shiny black shoes” and click on the third link in the results and be taken to a malicious website that installs something terrible onto your computer. In actuality, the scenario is a little worse than that.

SEP specialists are very quick to adapt to a frequently-changing environment. That’s why they will target specific keywords that are extremely popular in order to maximize their page hits. Think about when Osama bin Laden was killed or when the iPhone 4S was released. Millions of people around the world were searching for those terms–and poisoned search results ended up infecting many users with malware.

How To Protect Against SEP

In one case, Imperva disclosed information regarding a particular SEP campaign that lasted 15 months without detection by search engines. Upon hearing this, you might be shocked, frightened, or angry. Search engines should protect their users against this kind of trickery, right?

But it’s not that easy. Due to advancements in technology, SEP websites can detect whether a visitor to their website is a genuine person or a search engine crawler. If it’s a crawler, they’ll display a fully legitimate website and the crawler won’t know any better. If it’s a genuine user, he’ll be bombarded with malware.

Furthermore, search engine poisoning specialists can exploit vulnerabilities in popular websites and inject malicious code that redirects their users to the malware-infested website. Most of the time, this is done through cross-site scripting (XSS) vulnerabilities. And in this case, Google already sees those websites as legitimate, making it that much harder to distinguish true websites from SEP-malware-spreading websites.
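
A defender-side check for the crawler-versus-visitor behaviour described above, added here as an illustration and not part of the original article: it compares the response a site gave a crawler-like client with the one it gave a browser-like client, and flags browser-only off-site redirects or heavily different content. The response dictionaries, host names and the 0.5 similarity threshold are constructed assumptions.

```python
import re
from urllib.parse import urlparse

def _tokens(html):
    """Words from the visible text: drop script/style bodies, then tags."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    text = re.sub(r"(?s)<[^>]+>", " ", html)
    return set(re.findall(r"[a-z0-9]{3,}", text.lower()))

def _redirect_target(resp):
    """URL the response sends the visitor to (HTTP, meta refresh or JS), else None."""
    if 300 <= resp["status"] < 400:
        return resp["headers"].get("Location")
    body = resp["body"]
    m = re.search(r'(?i)<meta[^>]+http-equiv=["\']?refresh[^>]*url=([^"\'>\s]+)', body)
    if not m:
        m = re.search(r'(?i)\blocation(?:\.href)?\s*=\s*["\']([^"\']+)', body)
    return m.group(1) if m else None

def cloaking_findings(url, crawler_resp, browser_resp, min_similarity=0.5):
    """Compare what a crawler-like and a browser-like client were served."""
    findings = []
    host = urlparse(url).hostname
    c_to, b_to = _redirect_target(crawler_resp), _redirect_target(browser_resp)
    if b_to and b_to != c_to:
        target = urlparse(b_to).hostname
        if target and target != host:
            findings.append(f"browser-only redirect to {target}")
    a, b = _tokens(crawler_resp["body"]), _tokens(browser_resp["body"])
    sim = len(a & b) / len(a | b) if (a | b) else 1.0
    if sim < min_similarity:
        findings.append(f"content differs by client (Jaccard {sim:.2f})")
    return findings

# Constructed sample captures (not real traffic).
PAGE = ("<html><title>Shiny black shoes</title><h1>Shiny black shoes</h1>"
        "<p>How to polish and care for shiny black shoes.</p></html>")
CRAWLER = {"status": 200, "headers": {}, "body": PAGE}
BROWSER_302 = {"status": 302, "headers": {"Location": "http://scan.example.net/alert"}, "body": ""}
BROWSER_JS = {"status": 200, "headers": {},
              "body": PAGE + '<script>window.location="http://scan.example.net/alert"</script>'}

if __name__ == "__main__":
    for name, resp in [("same", CRAWLER), ("302", BROWSER_302), ("js", BROWSER_JS)]:
        print(name, cloaking_findings("http://shoes.example.com/guide", CRAWLER, resp))
```

The script-based case keeps the visible text identical to the crawler's copy, so only the redirect check fires there; the content comparison alone would miss it.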

So until search engines can find a way to combat this problem, you will need to protect yourself. Here are some ways you can do that.

  • Learn to identify websites that might be destinations for an SEP campaign. Warning signs include lots of popup ads, suffocating web ads, and especially “scareware portals” that trick you into thinking you already have malware and prompt you to install their “antivirus”.
  • When searching for popular topics, you should directly type the URL of notable websites into your browser. Try to rely less on clicking search engine results.
  • Enable your browser’s security features now. If you visit a website and your browser warns you that it might be fishy, leave right away.
  • Make sure your antivirus, antimalware, and firewall programs are all up-to-date.
  • Zscaler has created an addon/extension that aims to protect users against poisoned search results. You can grab it for Firefox and Chrome.

Image Credit: Hacked Via Shutterstock, SEO Chalkboard Via Shutterstock, Warning Via Shutterstock, Computer Lock Via Shutterstock

Comments (15)
  • Nikhil Chandak

    thnx for information Joel Lee
    it was great

  • Dakota Estes

    as soon as i saw this, i went right to the chrome store.

  • Lisa Santika Onggrid

    This is why we should look more closely at what we click. If you already know what you want, it’s much safer exploring the web via affiliation sites of a trusted website since they’d have checked their affiliates. Still, it doesn’t give you 100% accuracy. Sometimes even WOT gives false alarms. Strengthening your computer’s security would be a no-brainer with tricks like this around.

  • Sergio Branda

    Great, clear clarification article.

  • Vishal Mishra

    This is a really great article. I didn’t know about this problem, thank you very much.

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.