From: http://www.eastvalleytribune.com/story/148583
Q. Someone told me that I can't trust Google search results anymore because of hackers. Is this true? - Randal
A. Google has built its empire on a very simple concept: be relevant.
When you search for something on Google, their system for weeding out irrelevant Web sites for any given search phrase has been their "secret sauce" and allowed them to dominate in the world of search.
They process more than 150 million search requests per day, making them far and away the most popular search engine on the planet.
But any technology that attracts that many users will attract those with malicious intent who will focus all their energies on finding ways to exploit those users.
Google is constantly working on ways to deal with something called "SEO poisoning" that is allowing hackers to get malicious Web sites listed, sometimes on the first page of popular Google searches.
SEO stands for "search engine optimization" and is a process used to optimize a Web site for the highest possible ranking in search engines. The closer to the first position in the search results you can get, the more people who will click on it.
Most folks feel comfortable with the search results from Google, never giving any thought to whether a link is safe or not. Most assume that if Google presents it as a result, it must be safe.
Unfortunately, those days are long gone. The bad guys have figured out how to sneak malicious Web sites into Google's results - and they've been doing it for some time.
The most common search terms that are being targeted (but not the only ones) are very current events - things like "swine flu" or "Tiger Woods mistress" that generate a large number of searches in a very short period of time.
The scammers either quickly create Web sites that are rigged with hidden malware and are optimized to rank highly for these breaking events, or they will compromise a legitimate Web site that is highly optimized for these types of searches.
Researchers have found that as many as 50 percent of the top search results on the first few pages of a Google search for fast-breaking stories are laced with malicious links.
And just recently, the malware writers started targeting folks that click on the Google "Doodle," which is usually a date-specific image that graces the Google logo above the search box. It could be an image of Santa Claus on Christmas, Christopher Columbus on Columbus day, etc., which if clicked generates a search for the subject being represented by the imagery.
Most recently, the "Esperanto flag" displayed on the 150th anniversary of founder L.L. Zamenhoff's birthday was targeted and resulted in 27 of the first 50 results containing some form of malware, according to a research scientist at Barracuda Networks.
As a result of these tricks, a number of companies have created programs such as McAfee's Site Advisor or Norton's Site Safety that can help the average user avoid being exploited by stepping in and warning them. Two of my favorites are actually free and easy to use. The first is K9 Web Protection (www.K9WebProtection.com), which is a solid parental control program that also does a great job of blocking access to Web sites that have suspicious coding on them. If you don't want or need the parental controls, you can turn them off and just use the malware protection, which is one of the best I've tested.
The other is a plug-in to most popular browsers called Web Of Trust (www.mywot.com) that uses the entire community of users to help warn others of suspicious sites. The warnings extend beyond malware to warn against sites that might have adware, phishing attacks, browser exploits, Internet fraud and spam. But because the ratings are user-based, it will have more false positives.
Households with children - especially teenagers who tend to have no fear of clicking on anything - should strongly consider using one of the many tools for warning against or blocking malicious sites and have a frank discussion about this fast-growing way of getting infected online.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Monday, December 21, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment