Beware of image search engine poisoning
A recent analysis by Sophos virus researcher Fraser Howard of the use of search engine poisoning to drive web traffic to payday loan sites suggests that the majority of image search poisoning is happening on Bing's image search engine and not on Google Images. According to the information, 65% of blocked search engine redirects caused by search engine poisoning happen on Bing and only 30% on Google, with more than 90% of all redirects originating from poisoned image search results.
The article does not provide the hard data needed to support that conclusion, though. Missing, for instance, are the total number of image-based searches and the percentage of redirects for each search engine. While Google certainly has a larger market share when it comes to search, it is not clear whether this is also the case for image search or among Sophos users. While it is certainly possible that Bing's image search results are prone to image search engine poisoning, it is impossible to verify that this is indeed the case without additional data.
From a user's point of view, it may be reassuring to know that your search engine may be less prone to search engine poisoning, but there are other factors that need to be considered. A lower search engine poisoning ratio does not mean that you won't fall prey to this form of attack when searching for images with your favorite search engine.
For users, it is important to know what search engine poisoning is and how it can be identified properly. The basic methodology is the following:
- A keyword-rich web page is created or hacked
- Search engines find the page and list it in their index
- SEO is used to push keywords to the top if necessary
- Users clicking on the search results linking to the page are automatically redirected to malicious websites
The best protection against these kinds of redirects is an up-to-date security product that blocks known malicious sites automatically and can also detect unknown malicious sites through heuristics. You may also improve security by not clicking through to the pages hosting those images.
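The last step of the methodology above, the automatic redirect after a click on an image search result, is visible in web proxy logs. The following is an added example, not code from Sophos or the original article: a heuristic that flags image-search clicks which end on a different site, either through an HTTP redirect or through a client-side redirect shortly after the page loads. The log format, the referrer paths and all sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a Referer on these hosts/paths marks an image-search click.
IMAGE_SEARCH = {"www.bing.com": "/images", "www.google.com": "/imgres"}

# Constructed sample log, sorted by time. Fields (assumed format):
# epoch_seconds client url referer status location content_type
SAMPLE_LOG = """\
100 10.0.0.5 http://blog.example/kittens.html https://www.bing.com/images/search?q=kittens 302 http://loans.invalid/apply -
101 10.0.0.5 http://loans.invalid/apply http://blog.example/kittens.html 200 - text/html
200 10.0.0.7 http://photos.example/cat.html https://www.google.com/imgres?q=cat 200 - text/html
201 10.0.0.7 http://cdn.invalid/cat.jpg http://photos.example/cat.html 200 - image/jpeg
300 10.0.0.9 http://wall.example/papers.html https://www.bing.com/images/search?q=wallpaper 200 - text/html
302 10.0.0.9 http://payday.invalid/offer http://wall.example/papers.html 200 - text/html
400 10.0.0.5 http://shop.example/item https://www.bing.com/images/search?q=shoes 301 https://www.shop.example/item -
"""

def site(url):
    """Crude site key: last two host labels (no public-suffix handling)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def from_image_search(referer):
    ref = urlsplit(referer)
    return any(ref.hostname == host and ref.path.startswith(path)
               for host, path in IMAGE_SEARCH.items())

def find_poisoned_clicks(log_text, window=5):
    rows = [line.split() for line in log_text.splitlines() if line.strip()]
    hits = []
    for i, (ts, client, url, ref, status, loc, _ctype) in enumerate(rows):
        if not from_image_search(ref):
            continue
        # Case 1: the landing page answers with an HTTP redirect to another site.
        if status.startswith("3") and loc != "-" and site(loc) != site(url):
            hits.append((client, url, loc, "http-redirect"))
            continue
        # Case 2: the page loads (200), then script or meta refresh sends the
        # same client to an HTML page on another site within `window` seconds.
        for ts2, client2, url2, ref2, _st, _loc, ctype2 in rows[i + 1:]:
            if int(ts2) - int(ts) > window:
                break
            if (client2 == client and ref2 == url
                    and ctype2 == "text/html" and site(url2) != site(url)):
                hits.append((client, url, url2, "client-side-redirect"))
                break
    return hits

if __name__ == "__main__":
    for hit in find_poisoned_clicks(SAMPLE_LOG):
        print(*hit)
```

Same-site redirects (the `shop.example` line) and third-party image loads (the `cdn.invalid` line) are not flagged; a user who manually follows a link to another site within the time window would be, so hits need review.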
Have another tip on how to deal with search engine poisoning? Post it in the comments below.