How genuine are search engine results?

BANGALORE, INDIA: How genuine can be the results that your favorite search engine throws up?

If you are the one who thinks that search engines may always lead you to genuine results or sites, it's time you make a rethinking now.

Going by the latest findings of the Websense Security Labs, cyber criminals have been pushing malicious content through search engine optimization (SEO). The Internet platform has become a favorite tool for cyber criminals as the number of Internet users are increasing and also the popularity of the search engines.

The technique is also known as SEO poisoning. Under this technique malware authors use search engine optimization techniques to mix rogue search results with legitimate ones. When a user clicks on the links of rouge sites, they are prompted to reveal their credentials or are exposed to a number threats like a sypware or virus attack.

Lately, cyber criminals are not just using names of celebrities such as Katrina Kaif or Aishwarya Rai, the names rated most dangerous on Internet. The criminals are also making free use of key words like 'Google Wave' and 'Microsoft Essentials' among many others.

Recently, Websense Security Labs ThreatSeeker Network detected two incidents of SEO poisoning where links to rogue anti-virus are returned on searches given for ‘Google Wave’ and ‘how to download Microsoft’s Security Essentials tool’.

According to Manish Bansal, regional manager, Websense, “Malware authors have used search engine optimization techniques to mix rogue search results in with legitimate results.” “There's a lot of hype about the launch of Google Wave, not only because of the 'new' things it offers but also because Google invited only 100,000 lucky users to test the service. With that said, it's no surprise that users are enticed to this new application. Unfortunately, it's also no surprise that the bad guys are using this hype to manipulate search results,” he says.

There have been several examples of SEO poisoning in the recent past. One of the rogue links is directly under a MSDN blog entry discussing Microsoft Security Essentials and its redirects are hosted on compromised Websites, including a Canadian publisher's Web site and the British Travel Health Association.

Ratnamala Dam Manna, Director, Security Technology and Response, Symantec, observers that SEO poisoning is an extremely common phenomenon, due to its effectiveness in tricking web users into downloading malware.

“While we can’t specify the number of sites that have been affected, as malware variants break out every second, Symantec has recently seen an increase in the number of attacks delivered by exploiting browser vulnerabilities. This means that even clicking on a poisoned search result can download malware on to a system without the user’s knowledge,” Manna adds.

Elaborating on the SEO poisoning, the Symantec director says that today, when a user enters a search on any popular engine, two kinds of results appear. The first is a basic list of links that the engine thinks is relevant to the search. The second is sponsored results that appear on the sidebar and may be relevant to the user.

While initially, attackers poisoned the direct results, today they have also turned to exploiting the sponsored search.

For example, they may use the advertising services of search engines to display an advertisement for malware or a fraudulent product – these could include rogue antivirus software, which would involve downloading a product that doesn’t work or one that harms the system, or loan and investment scams.

The higher their ads appear on the sponsored results, the greater the chances of consumers falling for their tricks.