November 10, 2010, 2:13 PM — Cybercrooks continue to abuse the Web, boosting their ability to produce what's called search engine optimization poisoning so that individuals making use of search engines such as Google's increasingly are ending up with choices that are dangerous malware-laden URL links.
Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results, according to the Websense 2010 Threat Report published Tuesday. That's in comparison to 13.7% of Google searches having that outcome in the latter half of 2009, says Patrik Runald, Websense senior manager of security research.
The rising level of SEO poisoning, also known as "Black Hat SEO," shows that cybercriminals "are fine-tuning their activities and getting better at this," Runald says, adding that although search engines such as Google work hard to try and stymie the Black Hat SEO effect, the trend is evident.
The irony is that when it comes to getting infected by malware, the chances of that are now less risky at porn and adult content sites, historically viewed as a high source of malware (now at 21.8%) than just searching for less scandalous topics, such as news, IT and entertainment. Runald adds that recognized news sites such as CNN or Fox News are not the sources of malicious links but are designed as malware traps to fool people into stumbling upon them through search results.
Black Hat SEO was on display during this year's Haiti earthquake on Jan. 12, when there was active Web searches being done to find out news about it and efforts to help, and "bad guys use major crises and events like this to spread their malicious code," the Websense report notes.
Much of the time the victim doing the search who clicks on a bad URL will end up at a rogue antivirus site where someone's trying to sell fake anti-malware software, Runald points out. This year, the trend has been that the rogue A/V vendors expanded to include "exploit kits to get their malware onto the PC" and that malware is now more likely to be ZeuS or other dangerous banking Trojans.
In general, according to the report, the number of malicious sites overall -- that is, the number of direct links with some form of malicious content -- is up 111% in 2010 over 2009.