Ask the Expert

How can search results lead to malware?

I've heard attackers are poisoning search results with malware based on popular queries. What are the best ways to avoid these sites?

    Requires Free Membership to View

Attackers have spent years developing new ways to inject malicious pages into top search results. Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. As a result, search engine queries often turn up malicious sites. Fortunately, there are a few ways you can reduce your risk.

First and foremost: Use a reputable search engine. Recently, there has been a proliferation of malicious search engines, designed to lure users to dangerous websites. Make sure you are using a well-known, safe search engine, such as Google or Yahoo. Reputable search engines do some filtering to remove malicious sites, although they cannot keep up with the global army of bad guys. If you find a malicious site, you can help by reporting it to Google or your favorite search engine.

There are also various browser plug-ins that will rate sites and display safety indicators next to search results. Check out McAfee Inc.'s SiteAdvisor or Finjan Inc.'s SecureBrowsing tool, for example. At the enterprise level, you can use application-layer proxies, which scan and filter websites. That way, even if users do click on nasty links, you can still block malicious Web content.

Above all: Think before you click.

This was first published in July 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: