Biggest Online Threat: Search Engine Poisoning

Search engine poisoning is not a new phenomenon, but it is one that is growing far more prevalent. Search engine results are often littered with malicious results that are able to attain advantageous rankings because of black hat SEO techniques. Blue Coat Systems, a security firm, reports that SEP, or search engine poisoning, is the preferred mode of delivery for malware, allowing for 40 percent of all malware infections.
This is of obvious concern to searchers, but equally worrisome to those for whom they are searching.

Tom Clare, senior director of security product marketing for Blue Coat, says that SEP does not affect users who navigate directly to a website, but it is still troublesome. Say you are searching for “Keen Footwear,” which is the example Clare uses. About 10 percent of the resulting websites will be malicious.

Even if Keen’s site is not, end users can still be affected. Managing research director at Enterprise Management Associates, Scott Crawford, says, “They may look like they are going to a legitimate site but they are taking advantage of the site’s vulnerability to cross-site scripting to redirect the user to a malicious Web site. SEP has been around a while but it is rising in use because…it enables attackers to use oftentimes highly rated or legitimate Web sites as part of an attack.”

What can users do to protect themselves from SEP? Security firm Symantec recommends raising “your level of awareness” and scrutinizing “all search engine results thoroughly.” Sometimes this is easier said than done, but make sure you have a good antivirus program backing you up. Be on your guard for anything that looks suspicious – whether it is a request for your information or a strange error or redirect.

Leave a Comment