Analysis from the ScanSafe Security Threat Alert Team, which monitors web-based malware, shows that one in five Internet search results contain malware or offensive and illegal content. Offensive content represents the greatest risk, accounting for 80 per cent of total search blocks.
Search engines have increasingly become a gateway for exposing businesses to security risks, such as Trojans, spyware, and keyloggers. Unsuspecting web users can be exposed to such malware from a wide range of web sites—including legitimate sites that have been compromised to unwittingly host malware. This malware can easily install itself on the corporate network and severely disrupt business operations.
Although web search is an essential tool in the workplace, it can become the Achilles' heel of corporate web filtering policies if secure web searching is ignored, exposing companies to security breaches, information leakage and legal issues.
One example of malware exploiting search engines is ‘spamdexing’. Compromised sites are appended with hidden text containing keywords and links to other (typically compromised) sites which host exploit code. This increases the ranking of the exploit site in search engines, so when users search on those particular keywords, the exploit site is returned prominently in the results. Those who click through to the site will typically become victims of so-called ‘drive-by downloads’ of malware. The Zhelatin family of malware, commonly referred to as the ‘Storm worm’, has been discovered using this technique to foist new variants of the malware onto victims’ computers.
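For site owners who want to check their own pages for the hidden keyword-and-link blocks described above, the following is an added example and not code from ScanSafe or the original article. It assumes the injected text is hidden with inline styles or the `hidden` attribute (external stylesheets are not evaluated); the class and function names, hostnames and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles often used to keep injected text out of a visitor's view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # elements with no end tag

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site = site_host.lower()
        self.stack = []      # (tag, inside_hidden_subtree) per open element
        self.findings = []   # (href, anchor text) for hidden off-site links
        self.current = None  # link being collected, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool((self.stack and self.stack[-1][1]) or "hidden" in attrs
                      or HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag not in VOID:
            self.stack.append((tag, hidden))
        if tag == "a" and hidden:
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            if host and host != self.site and not host.endswith("." + self.site):
                self.current = [attrs["href"], ""]

    def handle_data(self, data):
        if self.current:
            self.current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current:
            self.findings.append((self.current[0], self.current[1].strip()))
            self.current = None
        if any(t == tag for t, _ in self.stack):  # ignore stray end tags
            while self.stack.pop()[0] != tag:
                pass

def find_hidden_external_links(html, site_host):
    parser = HiddenLinkFinder(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one visible partner link, one injected hidden block.
SAMPLE = """<html><body>
<p>Welcome to our <a href="http://partner.example.net/">partner</a> page.</p>
<div style="position:absolute; left:-9999px">
  cheap tickets <a href="http://landing.example.org/a">cheap tickets</a>
  <span>free ringtones <a href="http://landing.example.org/b">free ringtones</a></span>
  <a href="/about">about</a>
</div></body></html>"""
```

Running `find_hidden_external_links(SAMPLE, "example.com")` reports only the two off-site links inside the off-screen block; the visible partner link and the relative `/about` link are ignored.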
In another Storm-related incident, Zhelatin-infected bloggers inadvertently posted Zhelatin spam with malicious links to their blogs. This occurred because these bloggers had configured their blogs to automatically post content sent to a particular address. When the Zhelatin mass-spamming component activated, it sent the spam to the blog address as well. Other malware, such as the Trojan MeSpam, appends malicious links to Web 2.0-related activities, such as blog comments, forum posts, and webmail. Of course, search engines crawling these sites will include the miscreant posts in their search results, thus further exposing users.