The Search Engine Malware Battle

By Brian Prince  |  Posted 2010-07-29 Print this article Print

New malware research from Barracuda Networks highlights the challenge facing Google, Bing and other search engines.

In its Barracuda Labs 2010 Midyear Security Report, which the company will present in Las Vegas at Defcon 18 later this week, Barracuda analyzed more than 25,000 trending topics and nearly 5.5 million search engine results across Google, Bing, Twitter and Yahoo during a period of roughly two months.

Here's what the company found:

Overall, Google leads in malicious search engine results, "turning up more than twice the amount of malware as Bing, Twitter and Yahoo combined when searches on popular trending topics were performed," Barracuda said July 28.

"Google was the top source for malware primarily because of its market share," explained Paul Judge, chief research officer at Barracuda. "Google has over 60 percent of the search market share. This is similar to how Microsoft's operating system has been known to be more targeted by attackers over the years because of its market share."

The problem of poisoned search results is an old one for Google, which has told eWEEK in the past that it scans Web pages for malware and posts warnings in its search results when malicious content is found. In addition, many rogue sites get removed from search results altogether.

"Users should realize that they must still be wary of suspicious activity even from seemingly legitimate sites," Judge said. "Also, users should install some form of URL filtering or Web security product either on their computer or at the gateway of their network. Many of these attacks could be identified with existing technologies but people need to at least use any one of those technologies in order to be protected."

The company also assembled data on Twitter users "to model normal behavior," information that could be used to identify illegitimate users. What Barracuda found was, "Half of Twitter users tweet less than once a day, yet one in 10 tweet five or more times a day and 30 percent of Twitter accounts have never tweeted."

"There are three things a user can do on Twitter: follow, be followed or tweet," Judge said. "So we define a True Twitter User by those three main attributes: has at least 10 followers, follows at least 10 people, has tweeted 10 times -- to give us a baseline. Then we took our sampling (25 million Twitter accounts, about a fourth of the network) -- and applied those parameters to it -- [reaching] 28 percent for the first half of 2010, which is up from 21 percent from June to December 2009."

The report can be downloaded here. (PDF) |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel