Misusing trust: search engines targeted to deliver malware

Parveen Vashishtha Symantec

This paper will outline various methods employed by malware authors to use search engines as a malware delivery vehicle. The paper also reviews the mitigation provided by search engines and security vendors.

Attackers use SEO poisoning to manipulate search keywords and many search queries lead to malware downloads. Methods like automated captcha breaking are used to host blogs on different high-profile websites. Google Trends, Google Insight, blog spamming, keyword poisoning etc. are used to increase relevance in search results. Abusing the advertisement services of search engines and using popular websites to display advertisements has become a known problem. It is observed that not only Google but Yahoo, Live search and AOL are also targeted to deliver malware.

To escape from the eyes of security researchers, attackers employ techniques like the use of meta tags to avoid their website from being indexed and cached. HTTP referrer checking is used, in which malware is delivered only if the request comes from a specific source. Various tools are used to automate the process of creating clones of popular websites like YouTube, Metacafe etc. Search engines themselves have come up with some countermeasures, like Google's SafeBroweAPI, but these are proving insufficient. We will discuss mitigation techniques provided by search engines and security vendors.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.