How can search results lead to malware?

Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. Expert Sherri Davidoff explains how attackers are injecting malicious pages into search results.

I've heard attackers are poisoning search results with malware based on popular queries. What are the best ways to avoid these sites?
Attackers have spent years developing new ways to inject malicious pages into top search results. Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. As a result, search engine queries often turn up malicious sites. Fortunately, there are a few ways you can reduce your risk.

First and foremost: Use a reputable search engine. Recently, there has been a proliferation of malicious search engines, designed to lure users to dangerous websites. Make sure you are using a well-known, safe search engine, such as Google or Yahoo. Reputable search engines do some filtering to remove malicious sites, although they cannot keep up with the global army of bad guys. If you find a malicious site, you can help by reporting it to Google or your favorite search engine.

There are also various browser plug-ins that will rate sites and display safety indicators next to search results. Check out McAfee Inc.'s SiteAdvisor or Finjan Inc.'s SecureBrowsing tool, for example. At the enterprise level, you can use application-layer proxies, which scan and filter websites. That way, even if users do click on nasty links, you can still block malicious Web content.

Above all: Think before you click.

This was first published in July 2009
