Beware of image search engine poisoning

Martin Brinkmann
Oct 14, 2012
Updated • Dec 10, 2012
Search, Security

A recent analysis by Sophos virus researcher Fraser Howard of search engine poisoning used to drive web traffic to payday loan sites suggests that the majority of image search poisoning happens on Bing's image search engine and not on Google Images. According to the figures, 65% of the blocked search engine redirects caused by search engine poisoning occur on Bing and only 30% on Google, with more than 90% of all redirects originating from poisoned image search results.

The article fails to provide the hard data needed to support that conclusion, though. Missing, for instance, are the total number of image-based searches and the percentage of redirects for each search engine. While Google certainly has the larger market share in web search, it is not clear whether this also holds for image search or for Sophos users. It is certainly possible that Bing's image search results are more prone to image search engine poisoning, but it is impossible to verify that this is the case without additional data.

[Image: Bing image search]

From a user's point of view, it may be reassuring to know that your search engine is less prone to search engine poisoning, but there are other factors to consider. A lower poisoning ratio does not mean that you won't fall prey to this form of attack when searching for images with your favorite search engine.

For users, it is important to know what search engine poisoning is and how it can be identified properly. The basic methodology is the following:

  • A keyword-rich web page is created, or an existing page is hacked and filled with keywords
  • Search engines crawl the page and list it in their index
  • SEO techniques are used to push the page to the top of the results for those keywords if necessary
  • Users who click on the search result linking to the page are automatically redirected to malicious websites, while direct visits often see a harmless page

The best protection against these kinds of redirects is an up-to-date security product that blocks known malicious sites automatically and can also detect unknown malicious sites through heuristics. You can further improve security by not clicking through to the pages hosting those images.
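
The redirect described in the last step is usually conditional: the hacked page sends visitors who arrive from a search engine off-site while serving its normal content to direct visits. The following Python check, added here as an illustration and not code from the article, compares where a visitor ends up with and without a search-engine Referer and flags the page when only the search-referred visit leaves the site. All HTTP responses are constructed inline so it runs offline; `fake_fetch` stands in for a real HTTP client, and the URLs and hostnames are made up.

```python
import re
from urllib.parse import urlparse

# Constructed sample responses for an offline demo (no network access).
# Keyed by (url, referer) so the fake server can behave differently for
# search-referred visitors, which is exactly the cloaking trick used here.
SEARCH_REFERER = "https://www.bing.com/images/search?q=example"
FAKE_SERVER = {
    # Hacked page: normal content for direct visits, HTTP redirect for search visitors.
    ("http://shop.example/photo.html", None): (200, {}, "<html>a real page</html>"),
    ("http://shop.example/photo.html", SEARCH_REFERER): (302, {"Location": "http://bad.example/land"}, ""),
    # Hacked page: same trick, but via a <meta refresh> tag instead of a 3xx status.
    ("http://pics.example/dog.html", None): (200, {}, "<html>a dog</html>"),
    ("http://pics.example/dog.html", SEARCH_REFERER): (200, {}, '<html><meta http-equiv="refresh" content="0;url=http://bad.example/land"></html>'),
    ("http://bad.example/land", SEARCH_REFERER): (200, {}, "<html>payday loans</html>"),
    # Clean page: identical behaviour regardless of referer.
    ("http://blog.example/cat.html", None): (200, {}, "<html>a cat</html>"),
    ("http://blog.example/cat.html", SEARCH_REFERER): (200, {}, "<html>a cat</html>"),
}

def fake_fetch(url, referer):
    """Stand-in for an HTTP GET; returns (status, headers, body)."""
    return FAKE_SERVER.get((url, referer), (404, {}, ""))

META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+url=([^"\'> ]+)', re.I)

def final_url(fetch, url, referer, max_hops=5):
    """Follow HTTP 3xx and <meta refresh> redirects and return where the visitor lands."""
    for _ in range(max_hops):
        status, headers, body = fetch(url, referer)
        if 300 <= status < 400 and "Location" in headers:
            url = headers["Location"]
            continue
        m = META_REFRESH.search(body)
        if m:
            url = m.group(1)
            continue
        return url
    return url  # give up after max_hops to avoid redirect loops

def is_suspect(fetch, url, search_referer=SEARCH_REFERER):
    """Return (flag, landing_host): flag is True when only the search-referred visit leaves the site."""
    origin = urlparse(url).hostname
    direct_host = urlparse(final_url(fetch, url, None)).hostname
    referred_host = urlparse(final_url(fetch, url, search_referer)).hostname
    return (direct_host == origin and referred_host != origin, referred_host)
```

A real-world scan would replace `fake_fetch` with an HTTP client that passes the Referer header through; the comparison logic stays the same.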

Have another tip on how to deal with search engine poisoning? Post it in the comments below.


  1. Sublym3 said on October 15, 2012 at 10:02 am

    That's interesting, would love to see the data behind it.

    I have seen a lot of people get infected from google images (myself included), since moving to Bing I haven’t had a problem.

    The other thing I find interesting is when you click on an image in Bing it doesn't actually open the website (as far as I can tell), whereas Google does.

    1. Sublym3 said on October 15, 2012 at 10:15 am

      My mistake, I had to turn off a couple of things to see the website load in Bing.

    2. Martin Brinkmann said on October 15, 2012 at 10:14 am

      Yes I’d really like to see the data as well. Bing Images displays the website on the Bing page last time I checked.

  2. Morely the IT Guy said on October 14, 2012 at 5:41 pm

    HostsMan will help avoid all kinds of malicious Web sites (including Doubleclick and similar advertising) by using the hosts file. It doesn’t do automatic updates, but by placing a shortcut in your Startup folder, you can be reminded to check for updates daily, it takes only a couple of seconds. See

  3. DanTe said on October 14, 2012 at 5:35 pm

    I always do all my searches in Sandboxie. Thanks for the heads up on Sandboxie here, Martin. I love it now that I've learned about it. Easier to use than VMware.

    1. Martin Brinkmann said on October 14, 2012 at 5:38 pm

      I agree, it is a great program.

  4. marius t said on October 14, 2012 at 2:03 pm

    That’s why sometimes it is useful to have a userscript like “Google Images Direct Links”, because I’m interested only in the image, not where it came from!
