Beware of Poisoned Search Results

In the early days of the Internet, most viruses spread by email. Not so anymore: you're far more likely to fall victim to malware through poisoned search results than you are from clicking on a malicious email.

Say what you want about cybercriminals, but one thing you can't say is that they're illogical. They're playing a simple numbers game: people perform millions and millions of searches on the web every day, so it makes perfect sense that the crime would naturally gravitate to where the largest number of victims could be found. That means search engine results pages, or SERPs.

Here's how the scheme works. The bad guys set up websites designed to rank at the top of certain SERPs. They pack those websites full of keywords and use other techniques to game the search-engine ranking system. And they booby-trap those pages with malware, ads for bogus antivirus software, or phishing schemes designed to lure victims into turning over their personal information.

Fortunately, not every Google or Bing search has to be a roll of the dice. There are ways to identify and avoid poisoned search pages. Here's how:

Let your antivirus software do it for you. For example, Trend Micro software uses the Smart Protection Network™ to automatically identify suspicious sites before you click on them, so you know which ones to steer clear of.

Look at the first few lines of text in a search result. If it looks like random nonsense that's been thrown together by a robot, it probably is. You're looking for a specific piece of content, right? So go to where the real content is and ignore the gibberish that's at best evidence of a spam site (set up just to get page views) and at worse a malware site that will infect your computer as soon as you visit it.

Look at the URL. If it's not a site you recognize, be suspicious. It's also hard to go wrong by steering clear of sites with domain extensions from countries where hackers tend to be most active, for example, ".ru."

As we all know, even smart people can get distracted—which is why we recommend being vigilant but having good antivirus software as a backup.

< Back to main page


© 2012 by Trend Micro Incorporated. All rights reserved.