Using blackhat search engine optimization (SEO) to get unsuspecting web surfers to go to malicious websites isn’t exactly new, and it’s a problem that the major search engines are very aware of. According to new data from online security firm Sophos, however, Bing is apparently not doing a great job here, as the majority of SEO-poisoned malware redirects currently affect Bing users.
According to Sophos, Microsoft’s search engine is responsible for about 60 percent of the redirects to malicious sites that Sophos currently sees on its network. Even though Google has far more users than Bing, it is “only” responsible for 30 percent.
As Sophos’ Fraser Howard notes, “it is also clear that the attackers are getting the most success from poisoning image search results.” According to this data, the search engines are doing a far better job with text searches than image searches. Just 8 percent of the redirects to malicious sites Sophos detects are from text searches and the remaining 92 percent come from image searches.
For users, detecting SEO-poisoned image search results is obviously harder than finding malicious text search results, but it’s still clear that the search engines could do a far better job at stopping these exploits.
According to Fraser, “we all rely on the search engine providers managing to filter rogue links out of the search results (text and image searches). The bottom line is that we are all guilty of trusting the results we get back, and clicking through without necessarily scrutinizing the URL as closely as we might.”