Home Search Engine Poisoning #1 Vector for Malware

Search Engine Poisoning #1 Vector for Malware

Search engine poisoning is the most prevalent form of malware delivery on the Web, according to the security researchers at Blue Coat. In its 2011 Mid-Year Security Report Blue Coat outlined the biggest threats to Web security and the attack vectors that malware providers are using to infiltrate users’ computers.

Search engine poisoning (SEP) makes up 40% of malware delivery vectors on the Web. The practice is when malware and spam attackers inundate search results with links to bait pages that will take users to malicious websites that will download malware to a computer. Spammers reach higher in search rankings by creating link farms that drive their poisoned pages further up search results. People want to be able to trust that what they search for in Google, Bing or Yahoo is safe to click on. Users are not conditioned to think that search results could be harmful to the health of their computers. The other leading attack vectors on the Web all pale in comparison to SEP, with malvertising, email, porn and social networking all 10% of malware delivery.

The Dominance of SEP

Google and security companies are in a giant game of whack-a-mole with the malware creators, said the head of Blue Coat’s malware research team, Chris Larsen. The botnet networks that create malware are constantly shifting and their delivery mechanisms grow evermore sophisticated.

Yet, SEP attacks do not fundamentally change, they just evolve. As an example, Larsen points to the killing of Osama Bin Laden and the mass of searches that were created the day after the announcement was made to the world. The malware creators used their existing infrastructure, changed the signatures of the command-and-control servers and unleashed a mass of bait links onto the Web.

Malware attackers have come to recognize that users are more wary of clicking on suspicious links that promise something unbelievable or outrageous. So, the vector is shifting to image search. Images are much harder to guard against and have proven to be fertile soil for malware providers. It is harder for Google and the security companies to find the “link farm” that creates the poisoned search results in images.

Porn, Malvertising and Email Remain Strong

In the table above, “unrated” includes malvertising – the practice of poisoning ads on the Web that lead to “bait pages” in much the same way as SEP does. The Blue Coat report notes “people like to look at other people and human nature is unlikely to change.” There have been spikes of up to 11,000 new porn sites a day, which makes the need for real-time Web defense systems tantamount. Yet, porn as a delivery vector has actually fallen in Blue Coat’s rankings, falling behind email since the last report the company issued in February. Symantec reported last week that email spam was at one its lowest level since 2008 so it looks like the overall amount of malware on the Web may be decreasing.

Larsen cautions that might not be the case. Malware vectors are cyclical by nature. The changing nature of botnets make it difficult to determine exactly how much malware is being driven from what sources. Botnets are becoming more difficult to identify and are increasingly sharing (or simply overlapping) resources. On one hand, the more sophisticated the botnet, the harder it is to dismantle. Yet, Larsen thinks that the more complex botnets become, the more vulnerable they become.

The Changing of Botnets

“The network is constantly changing,” Larsen said. “The bigger the attack surface, the more vulnerabilities are created in their own networks.”

The Web is a large, complex place made up of many different standards and approaches. Hackers take advantage of this complexity by exploiting weaknesses in portals that are not secure. Larsen thinks that the more complex botnets become, the more portals are opened where security companies can worm into the networks and take them down.

Botnets are also beginning to share nodes on their networks. According to the report; “Many botnets are known to intersect and share their compromised nodes in a symbiotic relationship (which they do with more monetizable malware such as ransomware, pharmacy spam, scams and a variety of other exploits). The samples analyzed, sandboxed, researched and studied by Blue Coat Security Labs exhibit this characteristic.”

In terms of malvertising, attackers are learning that patience pays. Malvertising networks will lay low within a legitimate ad network and develop clean reputations by passing multiple malware security sweeps. When the sleeping malvertising network awakes it will change the way it operates to deliver the users to a malware host. The next day the malvertising network will be gone, hiding somewhere else on the Internet.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.