'Search engines should do more to fight malware'

Posted by   Virus Bulletin on   Mar 4, 2008

85% of users think that search engines should be doing more.

According to a recent poll, 85% of visitors to the VB website think that search engines should be doing more to fight malware, but experts say the matter is more complicated than that.

A recent paper by researchers at Google revealed that more than 1.3% of Google search results now contain at least one malware-serving website - a number that has quadrupled in the past nine months. Translated into actual searches this means that millions of people are being presented with links to malware-serving websites every day.

Randy Abrams, director of technical education at Eset, says that anything that search engine companies can do to prevent links to malicious websites from being displayed is beneficial, but warns that it is far from an easy task. He reminds us of last year's malware attack on the Miami Dolphins website just prior to the Super Bowl: "to block search results to that site," he says, "might have been perceived as a bad thing by many people."

Besides raising issues over freedom of speech, Abrams foresees another side effect of blocking sites: a new kind of DoS attack, where a website is infected with malware by a competitor or someone with a grudge, thus causing it to disappear from search engine results.

Martin Overton, an independent researcher and regular contributor to Virus Bulletin, agrees with VB poll respondents that search engines aren't doing enough. However, he points out that it is not easy to determine exactly what should be blocked from search results: "[Should you block] just malware, hacking tools and exploit code, or do you include porn, gambling, racial and religious abuse, and many other 'bad' things too?"

Tools such as SiteAdvisor and the others that warn about malicious or infected sites are probably a better idea, according to Overton, but he warns that they can be used as a crutch and are often used as a form of authorisation tool: "The user thinks 'If my toolbar/anti-malware says it is safe, then I'll trust it, and if I get infected, hacked or phished, then it isn't my fault.'"

So what's the answer? Abrams believes user education is important - and that blocking websites from search engine results might not be helpful: "[Blocking infected sites] does not educate people who desperately need to know more, and doesn't improve the security of software." Meanwhile, Overton suggests turning off all scripting and plugins in your browser, but says that this could cause problems with the functioning of many websites. "As with most things, he says, "minimising the risks will require a mix of technologies and education as well as good security policies and procedures - and a common-sense application of them all."

Google was not available for comment.

Posted on 03 March 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Consumer spyware: a serious threat with a different threat model

Consumer spyware is a growing issue and one that can have serious consequences: its use is increasingly common in domestic violence. But do our threat models consider the attacker with physical access to, and inside knowledge of the victim?

VB2016 paper: Debugging and monitoring malware network activities with Haka

In their VB2016 paper, Stormshield researchers Benoît Ancel and Mehdi Talbi introduced Haka, an open-source language to monitor, debug and control malicious network traffic. Both their paper and the video recording of their presentation are now…

VB2017: a wide ranging and international conference programme

We are proud to announce a very broad and very international programme for VB2017, which will take place in Madrid, 4-6 October 2017.

John Graham-Cumming and Brian Honan to deliver keynote addresses at VB2017

Virus Bulletin is excited to announce John-Graham Cumming and Brian Honan as the two keynote speakers for VB2017 in Madrid.

Virus Bulletin says a fond farewell to John Hawes

As VB's COO John Hawes moves on to new challenges, the team wish him a fond farewell and good luck in his future endeavours.