Malware Sites Invade Google

By Greg McNevin

November 29, 2007: Security firm Sunbelt Software is warning that Google search results are increasingly being infiltrated by malicious websites.

In a series of posts to its official blog this week, the company claims a large scale attempt to steer users towards malware-infected websites is underway, using keywords to manipulate Google’s rankings and get dodgy results into the top ten results of many searches.

"This is huge," says Sunbelt CEO Alex Eckelberry. "So far we've found 27 different domains, each with up to 1,499 [malware] pages. That's 40,000 possible pages."

Sunbelt says that the sites have achieved high rankings in large part to “blogspam” and “comment spam” by bots.

“For months now, our Research Team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums), writes Sunbelt researcher Adam Thomas. “This network, combined with thousands of pages […] have given the attackers very good (if not top) search engine position for various search terms.”

What’s more startling, however, is that the sites seemed to be evading Google’s own malware warning service. Once a site is visited a user will be typically asked to install a missing plugin, if the request is accepted then up to 25 different types of malware including spambots, Trojans, rootkits and more could be installed.

“It's loaded with every piece of malware you can think of, including fake toolbars, rogue software and scareware,” writes Thomas.

Cautious users will notice that the dodgy URLs are made up of nonsensical characters with China’s .cn domain at the end, however, many users may not see this and risk infection.

Google has no doubt been notified by now, hopefully its algorithm is tweaked to flush out the malware before another bot army is harnessed.

Comment on this story