How can search results lead to malware?

Ask the Expert

How can search results lead to malware?

I've heard attackers are poisoning search results with malware based on popular queries. What are the best ways to avoid these sites?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Attackers have spent years developing new ways to inject malicious pages into top search results. Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. As a result, search engine queries often turn up malicious sites. Fortunately, there are a few ways you can reduce your risk.

First and foremost: Use a reputable search engine. Recently, there has been a proliferation of malicious search engines, designed to lure users to dangerous websites. Make sure you are using a well-known, safe search engine, such as Google or Yahoo. Reputable search engines do some filtering to remove malicious sites, although they cannot keep up with the global army of bad guys. If you find a malicious site, you can help by reporting it to Google or your favorite search engine.

There are also various browser plug-ins that will rate sites and display safety indicators next to search results. Check out McAfee Inc.'s SiteAdvisor or Finjan Inc.'s SecureBrowsing tool, for example. At the enterprise level, you can use application-layer proxies, which scan and filter websites. That way, even if users do click on nasty links, you can still block malicious Web content.

Above all: Think before you click.

This was first published in July 2009