What Search Engine Poisoning Is & How It Spreads Malware [MakeUseOf Explains]

Joel Lee 09-10-2012

If you thought malware popups and relentless email spam were the worst of it, think again. There’s a new contender on stage and it’s spreading malware like butter in desert heat. It’s called search engine poisoning and hundreds of thousands, even millions, of people have fallen victim to it all over the globe.


Here’s the thing about malicious intent: the worst forms of villainy occur when the bad guys take something that is good and use it for evil. The search engine is a fantastic development. Without it, we wouldn’t have Google–and where would the world be without Google? But search engine poisoning is all about taking that good search engine and manipulating it to do something dastardly.

But before we can talk about the actual poisoning of search engines, we need to talk about search engine optimization.

Search Engine Optimization 101

Search engine optimization (SEO) is a legitimate tactic used by web owners to optimize their websites for search engine placement. Go to Google and search for anything–fishing, video games, clothing brands, news articles. Now, scroll down through the results. In most cases, your desired result will be on that first page.

How many times do you ever click “Next” to skim through more results? How often have you gone to the fifth page? The tenth? My bet would be on “extremely rarely.” And that is why SEO is so valuable. The more you optimize your website, the higher it will be ranked, thus more people will visit it.


Search engines keep their search result ranking algorithms guarded well–perhaps even better protected than Colonel Sanders and his chicken recipe. However, we do know a few things about search ranking criteria:

  • Webpages that are cross-linked within the same domain or website will increase search ranking. Similarly, if a certain page has many incoming links from outside sources, its ranking will increase.
  • Search keywords and search phrases play a major role. Thus, if you want to target a particular phrase (e.g., “gardening tips”), you’ll need to repeat that phrase multiple times throughout your page(s). This is called “keyword stuffing.”
  • Proper page structure (bolding, anchors, H1 tags, etc.) will help raise your ranking because it helps search engine crawlers to better parse your web content.

There are numerous other factors involved; the above were just examples to show you a glimpse of what SEO is about.

Poisoning Search Results

Now that you know about SEO, we can move on to search engine poisoning (SEP). SEP is a method that malicious spammers use to quickly spread malware around the Internet. Remember how I mentioned malware popups and email spam? Well, SEP is on a whole other level.


SEP can be viewed as a corruption of SEO. Whereas legitimate websites use SEO to gain higher rankings in a search engine, malware producers use SEO to place their malware-spreading websites high in search engine results. Most web users tend to trust the first page of a Google search, and that makes it a prime location for catching users off guard.

So in theory, you could search for “shiny black shoes” and click on the third link in the results and be taken to a malicious website that installs something terrible onto your computer. In actuality, the scenario is a little worse than that.

SEP specialists are very quick to adapt to a frequently-changing environment. That’s why they will target specific keywords that are extremely popular in order to maximize their page hits. Think about when Osama bin Laden was killed or when the iPhone 4S was released. Millions of people around the world were searching for those terms–and poisoned search results ended up infecting many users with malware.

How To Protect Against SEP

In one case, Imperva disclosed information regarding a particular SEP campaign that lasted 15 months without detection by search engines. Upon hearing this, you might be shocked, frightened, or angry. Search engines should protect their users against this kind of trickery, right?

But it’s not that easy. Due to advancements in technology, SEP websites can detect whether a visitor to their website is a genuine person or a search engine crawler. If it’s a crawler, they’ll display a fully legitimate website and the crawler won’t know any better. If it’s a genuine user, he’ll be bombarded with malware.

Furthermore, search engine poisoning specialists can exploit vulnerabilities in popular websites and inject malicious code that redirects their users to the malware-infested website. Most of the time, this is done through cross-site scripting (XSS) vulnerabilities. And in this case, Google already sees those websites as legitimate, making it that much harder to distinguish true websites from SEP-malware-spreading websites.
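The crawler-versus-visitor behaviour and the injected redirects described above can be checked for from the defender's side by fetching the same URL twice and comparing what comes back. The following is an added example, not code from the original article; the response dictionaries, hostnames and the 0.6 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh[^>]+url=([^"\'>\s]+)', re.I)
JS_REDIRECT = re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I)

def redirect_target(resp):
    """Return the URL a response sends the visitor to, or None."""
    if 300 <= resp["status"] < 400:
        return resp["headers"].get("Location")
    for pattern in (META_REFRESH, JS_REDIRECT):
        match = pattern.search(resp["body"])
        if match:
            return match.group(1)
    return None

def visible_text(body):
    """Drop scripts and tags, collapse whitespace, lowercase."""
    body = re.sub(r"<script.*?</script>", " ", body, flags=re.I | re.S)
    return " ".join(re.sub(r"<[^>]+>", " ", body).split()).lower()

def cloaking_findings(url, crawler_resp, browser_resp, min_similarity=0.6):
    """Compare the crawler's view of a URL with a search visitor's view."""
    findings = []
    site = urlparse(url).hostname
    crawler_to, browser_to = redirect_target(crawler_resp), redirect_target(browser_resp)
    if browser_to and browser_to != crawler_to:
        host = urlparse(browser_to).hostname
        if host and host != site:
            findings.append(f"browser-only off-site redirect to {host}")
    ratio = SequenceMatcher(None, visible_text(crawler_resp["body"]),
                            visible_text(browser_resp["body"])).ratio()
    if ratio < min_similarity:
        findings.append(f"page text differs (similarity {ratio:.2f})")
    return findings

# Constructed samples: one URL fetched with a crawler User-Agent, then as a
# browser arriving from a search result. Hostnames are placeholders.
PAGE = "<html><h1>Shiny black shoes</h1><p>Care tips and reviews.</p></html>"
CRAWLER = {"status": 200, "headers": {}, "body": PAGE}
CLOAKED = {"status": 302, "headers": {"Location": "http://scan.example.net/av"}, "body": ""}
INJECTED = {"status": 200, "headers": {}, "body": PAGE.replace(
    "</html>", '<script>window.location="http://scan.example.net/av"</script></html>')}

if __name__ == "__main__":
    for name, view in (("cloaked", CLOAKED), ("injected", INJECTED), ("clean", CRAWLER)):
        print(name, cloaking_findings("http://shoes.example.com/black", CRAWLER, view))
```

A site owner can run the same comparison against their own pages to spot an injected redirect that only fires for visitors arriving from search results.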

So until search engines can find a way to combat this problem, you will need to protect yourself. Here are some ways you can do that.

  • Learn to identify websites that might be destinations for an SEP campaign. Warning signs include lots of popup ads, suffocating web ads, and especially “scareware portals” that trick you into thinking you already have malware and prompt you to install their “antivirus”.
  • When searching for popular topics, you should directly type the URL of notable websites into your browser. Try to rely less on clicking search engine results.
  • Enable your browser’s security features now. If you visit a website and your browser warns you that it might be fishy, leave right away.
  • Make sure your antivirus, antimalware, and firewall programs are all up-to-date.

Image Credit: Hacked Via Shutterstock, SEO Chalkboard Via Shutterstock, Warning Via Shutterstock, Computer Lock Via Shutterstock


  1. Nikhil Chandak
    October 30, 2012 at 11:10 am

    Thanks for the information, Joel Lee.
    It was great.

  2. Dakota Estes
    October 11, 2012 at 9:50 pm

    As soon as I saw this, I went right to the Chrome store.

  3. Lisa Santika Onggrid
    October 11, 2012 at 4:26 am

    This is why we should look more closely at what we click. If you already know what you want, it's much safer exploring the web via affiliation sites of a trusted website since they'd have checked their affiliates. Still, it doesn't give you 100% accuracy. Sometimes even WOT gives a false alarm. Strengthening your computer's security would be a no-brainer with tricks like this around.

  4. Sergio Branda
    October 10, 2012 at 5:31 pm

    Great, clear clarification article.

  5. Vishal Mishra
    October 10, 2012 at 5:00 pm

    This is a really great article. I didn't know about this problem, thank you very much.

  6. Cindy Abernethy
    October 10, 2012 at 4:01 pm

    Thanks for the information... did not know about SEP at all.

  7. Harish Jonnalagadda
    October 10, 2012 at 3:45 pm

    Time to install WOT. Thanks for the useful article, as always

  8. Anonymous
    October 10, 2012 at 3:21 pm

    Thanks for the article and the warning. Going to bookmark this to remind me in the future.

  9. Arron Walker
    October 10, 2012 at 1:09 pm

    Blimey, that's lethal. Thanks for the warning - looks like I need to upgrade my security processes - time to start referring to WOT and the like.

  10. Javier Vega
    October 10, 2012 at 9:04 am

    Wow, since I read the title of the article I imagined what kind of malware it was, but I didn't know this type until now. I'm grateful for reading this; spending a lot of time navigating day by day makes this a "must care" topic if something seems weird while browsing sites.
    And of course, we all want to keep our computers malware-free, so taking a "safe browsing attitude" could mean the difference between malware and not.

  11. Scott
    October 9, 2012 at 10:36 pm

    Is WOT (Web of Trust) helpful in these circumstances ?

    • Joel Lee
      October 9, 2012 at 10:41 pm

      I'm not sure how WOT works behind-the-scenes, but as far as I know, they work based on user ratings (and user ratings are weighted based on their reliability score). In this case, a website with a good WOT rating could be taken over and it would take a while before user ratings on WOT caught up with it.

      However, if a website is known for being poisoned, the WOT rating should reflect it--it will just take a period of time for the rating to catch up.

      Simply put: If a website is rated badly on WOT, you should avoid it; if a website is rated well on WOT, it could still be poisoned, but the risk isn't as great.

  12. Jessica Tao
    October 9, 2012 at 10:14 pm

    I agree with Mac Witty. Sometimes you do need to use Google, Bing, Yahoo or other search engines about subjects that you don't know much about. I mean just looking at my most used websites, Google is first. It's kind of hard to track those bugs and well soon enough there will be technology available to fight those evil malware. Good article-easy to understand and very informative. Thank you!

  13. Mac Witty
    October 9, 2012 at 10:00 pm

    Thanks for an easy to understand explanation.
    I agree that it's safer to go direct to notable websites than to use search engine results. On the other hand, it will narrow your knowledge - a lot of times the search engine gives you good sites you never heard about.

    • Joel Lee
      October 9, 2012 at 10:42 pm

      You're right. Sometimes you have no choice but to click on search results and venture into new sites. However, like Scott mentioned below, you should check out the reliability of websites before visiting them. You can do this by using services like WOT (Web of Trust).