Beware of image search engine poisoning
A recent analysis by Sophos virus researcher Fraser Howard of search engine poisoning used to drive web traffic to payday loan sites suggests that the majority of image search poisoning is happening on Bing's image search and not on Google Images. According to the data, 65% of the blocked redirects caused by search engine poisoning were on Bing and only 30% on Google, with more than 90% of all redirects originating from poisoned image search results.
The article does not, however, provide the hard data needed to support that conclusion. Missing are, for instance, the total number of image searches and the percentage of redirects for each search engine. While Google certainly has the larger market share in web search, it is not clear whether this is also the case for image search, or among Sophos users. It is certainly possible that Bing's image search results are more prone to image search engine poisoning, but without additional data it is impossible to verify that this is indeed the case.
From a user's point of view it may be reassuring to know that your search engine may be less prone to search engine poisoning, but other factors need to be considered. A lower poisoning ratio does not mean that you won't fall prey to this form of attack when searching for images with your favorite search engine.
For users, it is important to know what search engine poisoning is and how it can be identified properly. The basic methodology is the following:
- A keyword-rich web page is created, or an existing page is hacked to host one
- Search engines find the page and list it in their index
- SEO techniques are used to push the page to the top of the results if necessary
- Users who click on the search results linking to the page are automatically redirected to malicious websites
The best protection against these kinds of redirects is an up-to-date security product that automatically blocks known malicious sites and can also detect unknown malicious sites through heuristics. You may also improve security by not clicking through to the pages hosting those images.
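The redirect step above is what makes poisoned pages hard to spot by hand: the page behaves normally when opened directly and only forwards visitors who arrive from a search result. The following Python script is an added example (not from the article or from Sophos) showing the two protections just mentioned as defender-side checks over recorded visits: a hosts-file style blocklist for known malicious sites, and a heuristic that flags a page whose landing site changes depending on whether a search engine Referer was sent. The `Exchange` records, the blocklist text, the `SEARCH_ENGINE_HOSTS` list and all `.test` host names are constructed for the example.

```python
"""Added example: blocklist lookup plus a referrer-conditional redirect
heuristic for spotting search engine poisoning (not code from the article)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse

# Assumption: a short fixed list of hosts whose Referer marks a visit as coming
# from a search result page.
SEARCH_ENGINE_HOSTS = {"www.bing.com", "www.google.com", "images.google.com"}


@dataclass
class Exchange:
    """One recorded fetch: the page requested, the Referer sent, and the URL the
    browser ended up on after following every redirect (HTTP, meta refresh, JS)."""
    requested_url: str
    referer: Optional[str]
    final_url: str


def load_hosts_blocklist(text: str) -> Set[str]:
    """Parse hosts-file style lines ('0.0.0.0 bad.example') into a set of host
    names. Comments (#) and blank lines are ignored; only sinkhole addresses count."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(h.lower() for h in parts[1:])
    return blocked


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_blocked(url: str, blocklist: Set[str]) -> bool:
    """True if the URL's host, or any parent domain of it, is on the blocklist."""
    labels = host_of(url).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def site_of(url: str) -> str:
    """Naive registrable domain: the last two labels. Enough for the sample data;
    a real tool would consult the public suffix list."""
    return ".".join(host_of(url).split(".")[-2:])


def from_search_engine(referer: Optional[str]) -> bool:
    return bool(referer) and host_of(referer) in SEARCH_ENGINE_HOSTS


def classify(exchanges: List[Exchange], blocklist: Set[str]) -> Dict[str, str]:
    """Per requested page:
    known-malicious     - some visit landed on a blocklisted host;
    suspected-poisoning - visits from a search engine land on a different site
                          than direct visits (referrer-conditional redirect);
    offsite-redirect    - only search visits recorded, and they leave the site;
    clean               - otherwise."""
    by_page: Dict[str, List[Exchange]] = {}
    for ex in exchanges:
        by_page.setdefault(ex.requested_url, []).append(ex)

    verdicts: Dict[str, str] = {}
    for page, visits in by_page.items():
        if any(is_blocked(v.final_url, blocklist) for v in visits):
            verdicts[page] = "known-malicious"
            continue
        direct = {site_of(v.final_url) for v in visits if not from_search_engine(v.referer)}
        via_search = {site_of(v.final_url) for v in visits if from_search_engine(v.referer)}
        if via_search and direct and via_search != direct:
            verdicts[page] = "suspected-poisoning"
        elif via_search and via_search != {site_of(page)}:
            verdicts[page] = "offsite-redirect"
        else:
            verdicts[page] = "clean"
    return verdicts


# Constructed sample data; .test is a reserved TLD, none of these sites exist.
SAMPLE_BLOCKLIST = """\
# hosts-style blocklist, constructed for this example
0.0.0.0 malware-example.test
127.0.0.1 ads.example.test
"""

SAMPLE_EXCHANGES = [
    # Looks normal when opened directly, forwards search visitors elsewhere.
    Exchange("http://blog-example.test/summer-photos", None,
             "http://blog-example.test/summer-photos"),
    Exchange("http://blog-example.test/summer-photos",
             "https://www.bing.com/images/search?q=summer",
             "http://payday-example.test/apply"),
    # Harmless gallery: same landing page either way.
    Exchange("http://gallery-example.test/cats", None, "http://gallery-example.test/cats"),
    Exchange("http://gallery-example.test/cats", "https://www.google.com/search?q=cats",
             "http://gallery-example.test/cats"),
    # Hacked page forwarding search visitors to a host already on the blocklist.
    Exchange("http://hacked-example.test/wallpaper", "https://images.google.com/?q=wallpaper",
             "http://cdn.malware-example.test/drop"),
]


def run_sample() -> Dict[str, str]:
    return classify(SAMPLE_EXCHANGES, load_hosts_blocklist(SAMPLE_BLOCKLIST))


if __name__ == "__main__":
    for page, verdict in run_sample().items():
        print(f"{verdict:20} {page}")
```

The blocklist check covers the "known malicious sites" half of the protection; the `suspected-poisoning` verdict is the heuristic half, and it needs both a direct and a search-referred visit to the same page, which is why a crawler feeding it should fetch each result twice.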
Have another tip on how to deal with search engine poisoning? Post it in the comments below.
That's interesting, would love to see the data behind it.
I have seen a lot of people get infected from google images (myself included), since moving to Bing I haven’t had a problem.
The other thing I find interesting is when you click on an image in Bing it doesn't actually open the website (as far as I can tell), whereas Google does.
My mistake, I had to turn off a couple of things to see the website load in Bing
Yes I’d really like to see the data as well. Bing Images displays the website on the Bing page last time I checked.
HostsMan will help avoid all kinds of malicious Web sites (including Doubleclick and similar advertising) by using the MVPS.org hosts file. It doesn’t do automatic updates, but by placing a shortcut in your Startup folder, you can be reminded to check for updates daily, it takes only a couple of seconds. See http://www.abelhadigital.com/hostsman
I always do all my searches in Sandboxie. Thanks for the heads up on Sandboxie here, Martin. I love it once I learned about it. Easier to use than VMware.
I agree, it is a great program.
That's why it is sometimes useful to have a userscript like "Google Images Direct Links", because I'm interested only in the image, not where it came from!