Tainted links lurking in places you may not expect
Updated On: Feb 26 2013 07:00:00 AM EST
We've been warned about the dangers of opening emails from someone we don't know. We've been warned not to open suspicious attachments. Now we're being warned that computer crooks have found a new way to target us: on search engines.
Jim McGrath says his computer was recently held for ransom. While he was searching online, his computer froze and a warning popped up demanding he pay $60 for a program to get rid of a virus. McGrath tried for hours to get his computer unfrozen, but it would not function until he paid.
“I felt I was being scammed into buying a virus program that I didn’t need because I already had virus programs and I couldn’t even run a scan on my own virus program,” he said.
Expers say McGrath was hit by a ransomware scheme, and it's just one way you could be attacked.
Cyber crooks are manipulating search engines so their poisonous or tainted web links pop up in your results. And if you click on the malicious link, malware or viruses invade your computer.
“You will be infected and you won't even know it,” said Chris Larsen with Blue Coat Security.
Blue Coat Computer Security's analysis found search engine poisoning attacks mounting. And now computer users are three times more likely to get a tainted link from a search engine than in an email.
“People do trust the search engines and they are predisposed to click on whatever they see in the results, and because they're not aware it could be dangerous this turns out to be a very effective attack for the bad guys,” said Larsen.
Blue Coat found bad guys don't only target people searching for top news stories or adult content. They may try to lure you to their links while you search common topics like: health and medical information, samples of business and professional letters and seasonal searches like holiday recipes, decorations and costume ideas.
“Search engine algorithms have been designed partially to prevent cyber criminals from doing this kind of behavior,” said Chris Boggs, Chairman of SEMPO.
The search engine industry group, SEMP, says websites do fight back.
In a statement Google said, "We've built and refined tools over many years to keep malicious content out of our search results and to warn website owners whose sites may have been compromised. We show millions of warnings to Google search users every day to warn them about suspicious websites that could harm their computer. A combination of automated and manual processes helps us respond quickly to evolving threats and stay a step ahead."
In a statement, Bing said, “Bing is able to detect webpages consisting of machine-generated spam, keyword stuffing, redirect spam or malware, allowing Bing to effectively remove such sites from results. This is done through constant innovation on finding ways to detect the various evolving versions of the kinds of spam techniques we face. We are actively working on new filtering techniques for Image search where the majority of these malicious links were found. Additionally, signals that have been previously spammed now have countermeasures to prevent abuse. Bing has also developed several ranking signals to help weed out spam results and better understand the intent of the searcher. We are always looking to improve the Bing user experience for customers, and remain dedicated to providing a trusted and reliable search experience.”
Unfortunately, sometimes cyber criminals sneak past even tough search engines security. However, SEMPO says there are a few things you can do to help that from happening.
To avoid poison links:
Look at website addresses endings. Experts say .com and .net are usually safe. But if it ends in something you've never heard of like .cx or .tf, you may want to avoid those.
If the text under the link looks garbled, don't click on it.
McGrath isn't sure what he clicked on to launch the Ransomware. He removed the software from his PC, but wonders if it's still lurking behind the scenes.
“I worry that they still may have access to my computer," he said.
Experts say if a link just doesn't seem right, don't click on it. Teach your kids about how to avoid poisonous links when they search.
And of course, always make sure you have good, up to date, anti-virus and malware programs running on your computer.