Beware of image search engine poisoning

Martin Brinkmann
Oct 14, 2012
Updated • Dec 10, 2012
Search, Security

A recent analysis by Sophos virus researcher Fraser Howard of the use of search engine poisoning to drive web traffic to payday loan sites suggests that the majority of image search poisoning happens on Bing's image search engine and not on Google Images. According to the information, 65% of blocked search engine redirects caused by search engine poisoning happen on Bing and only 30% on Google, with more than 90% of all redirects originating from poisoned image search results.

The article fails to provide the hard data needed to reach that conclusion, though. Missing, for instance, are the total number of image-based searches and the percentage of redirects for each search engine. While Google certainly has a larger market share when it comes to search, it is not clear whether this is also the case for image search or among Sophos users. While it is certainly possible that Bing's image search results are prone to image search engine poisoning, it is impossible to verify that this is indeed the case without additional data.


From a user's point of view, it may be reassuring to know that your search engine may be less prone to search engine poisoning, but there are other factors that need to be considered. A lower search engine poisoning ratio does not mean that you won't fall prey to this form of attack when searching for images with your favorite search engine.

For users, it is important to know what search engine poisoning is and how it can be identified properly. The basic methodology is the following:

  • A keyword-rich web page is created or hacked
  • Search engines find the page and list it in their index
  • SEO is used to push keywords to the top if necessary
  • Users clicking on the search results linking to the page are automatically redirected to malicious websites

The best protection against these kinds of redirects is an up-to-date security product that blocks known malicious sites automatically and can also detect unknown malicious sites through heuristics. You may also improve security by not clicking through to the pages hosting those images.
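One heuristic a web proxy or log pipeline can apply to the redirect step in the list above, shown as an added example that is not from the original article or from Sophos: flag visitors who arrive from an image search result and are answered with an HTTP redirect to a different site. The log rows, host names, function names and the image-search URL markers are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

SEARCH_SITES = {"bing.com", "google.com"}            # assumed search engine sites
IMAGE_MARKERS = ("/images/", "/imgres", "tbm=isch")  # assumed image-search URL markers
REDIRECTS = {301, 302, 303, 307, 308}

# Constructed proxy log rows: (client, requested URL, Referer, status, Location)
SAMPLE_LOG = [
    ("10.0.0.5", "http://blog.example/cute-cats.html",
     "http://www.bing.com/images/search?q=cute+cats", 302, "http://loans.invalid/apply"),
    ("10.0.0.7", "http://blog.example/cute-cats.html", "", 200, ""),
    ("10.0.0.8", "http://shop.example/item",
     "http://www.google.com/search?q=item&tbm=isch", 301, "http://www.shop.example/item"),
    ("10.0.0.9", "http://news.example/a",
     "http://www.google.com/search?q=a", 302, "http://ads.invalid/x"),
]

def site(url):
    """Crude site key: last two host labels. Real code should use the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def from_image_search(referer):
    """True when the Referer is an image-search result page of a listed engine."""
    parts = urlsplit(referer)
    target = parts.path + "?" + parts.query
    return site(referer) in SEARCH_SITES and any(m in target for m in IMAGE_MARKERS)

def find_poisoned_clicks(log):
    """Flag image-search arrivals that were HTTP-redirected to a different site."""
    # URLs that answered 200 to visitors who did not arrive from a search engine.
    direct_ok = {url for _, url, ref, status, _ in log
                 if status == 200 and site(ref) not in SEARCH_SITES}
    findings = []
    for client, url, ref, status, location in log:
        if status not in REDIRECTS or not from_image_search(ref):
            continue
        if site(urljoin(url, location)) == site(url):
            continue  # same-site redirect (for example adding "www.") is normal
        findings.append({"client": client, "url": url, "redirected_to": location,
                         "referer_conditional": url in direct_ok})
    return findings

if __name__ == "__main__":
    for finding in find_poisoned_clicks(SAMPLE_LOG):
        print(finding)
```

Only redirects issued as HTTP 3xx responses appear in such a log; a page that redirects through JavaScript or a meta refresh returns 200 and needs content inspection instead. The `referer_conditional` flag marks pages that served direct visitors normally, which makes a legitimate site-wide move less likely.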

Have another tip on how to deal with search engine poisoning? Post it in the comments below.




  1. Roebie said on September 16, 2011 at 10:23 am

    “the not so perfect search utility in XP”
    At least it worked. Both Vista and Seven take far too much time indexing and searching on networked drives.
    A search for all files with a certain string in the filename takes 3 times longer on Seven (and 4 times longer on Vista) than on XP.
    The indexing service takes too much memory too.
    I’ll stick to Copernic Desktop Search for now!

  2. Kari said on September 16, 2011 at 3:54 pm

    What a crap! My customers don’t find their documents with the Windows search function, even if it is almost right in front of you. Microsoft’s policy is to keep everything messy and protected, and the most stupid thing is to show a different name for the folder than what it actually is.

    Is it too much to ask, if the search function would work like in XP? Yes it is…
    Good luck with Windows Search, third party software rules in this case… too.

  3. Fuddler said on October 18, 2012 at 6:13 am

    The term negation function doesn’t work.
