Author: Jurgita Ziuraite

There is more and more ongoing talk about search engine poisoning and how damaging it is to an ordinary computer user. Some say that thousands or even millions of people have fallen victim to it all over the world. For those who are not that well familiar with the term "search engine poisoning"(SEP), it is defined as a mix of wanted results and dodgy sites, such as malware infected websites or payday loan sites.

SEP is a method that malicious spammers use to distribute their malware. They use search engine optimization techniques (SEO) to put infected pages high on search results. Specific keywords that are extremely popular are targeted in order to maximize malicious page hits. It might be that a malicious site will appear higher than a legitimate one on a results page. Most Internet users trust such search providers as Google or Bing and press on the given results without thinking of the possible dangers.

Talking about statistics, a recent announcement of SophosLabs gives us shocking numbers. Bing is the most poisoned search engine, giving more than two thirds (65 per cent) of search results as poisoned. Although Goolge is behind yet the results are not as reassuring as one might expect. 30 per cent of poisoned search results originated from the latter search engine. The most poisoned is image search. 92 per cent of redirects to malicious web sites come from this type of search.

Although search engine specialists fight SEP problem every day it is not that easy. Advanced technology allows spammers programming websites that detect if a visitor is a genuine person or a search engine crawler. For the crawler a fully legitimate website will be displayed. Yet for a genuine user, she will be attacked by malware. Even more, vulnerabilities of popular websites are exploited and scammers inject malicious code to them. This enables visitors to be redirected to the malware-infected pages. Cross-site scripting (XSS) vulnerabilities are being used in most of the cases. Although the above problems are known to such search providers as Google or Bing, the ways of fighting against them are still being searched for.

Meanwhile we are responsible for protecting our technique from malware attacks. Here are some tips that one should follow:

• Learn to distinguish between legitimate websites and those that can be labeled as SEP. Such characteristics as suffocating web ads, lots of pop-ups, pages that make you think you already have malware and convince you to install their "antivirus" are a clear sign of malicious sites.

• Choose to directly type the URL of notable websites into your browser if you search for a popular topic rather then perform a usual search. Do not rely that much on clicking search engine results especially if you perform an image search.

• Keep your computer security (antivirus, antimalware, firewall) always updated.

• Turn on your browser's security features. If you get a warning that the page might be suspicious, leave it at once.

• Once you saw that you are being redirected to pages you did not intend to visit, check your computer settings. It might be that you need to uninstall unwanted programs or remove a redirect virus