This post by a fellow MVP shares what to be on the lookout for:
QUOTE: Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they're all Chinese domains. Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn't look right, and certainly avoid 'nonsense' domains like those in the Sunbelt screenshots.
Good news = Google has filtered out these malicious sites from its indexes
Bad news = These malicious sites are still out there on the Internet
Google fixes Malicious redirects to malware sites from its search results
The malicious redirecting sites are still present and folks need to be cautious at all times. The improved filtering should help reduce the likelihood of hostile sites being returned on the 1st few pages of a search.
Google expunges malware sites from search results
QUOTE: Google Inc. has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed today.
"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software, the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.
This article provides a good update related to malicious links being embedded in returned search results. Folks should always avoid unusual links and keep AV/FW protection up-to-date. The current malicious links have domain names ending in "cn" (representing China, although they could be hosted from anywhere and this could change as this sophisticated attack continues).
VIRUS EXPERTS WARN OF 'GOOGLE POISONING'
QUOTE: You might want to take an extra half-second the next time you click on search engine results to make sure you know where you're going. Computer criminals have refined a sinister technique for tricking Web surfers into clicking on infected Web pages, turning search engines like Google into unwitting partners.
It's known as “Google poisoning,” because Google is the biggest target, but it can impact any search engine. Criminals construct booby-trapped Web pages, then dupe search engines into giving them high rankings.
A Google spokeswoman who declined to be identified said the company is aware of the problem and working to keep its results clean. "Google works hard to preserve the quality of our index," the company said in a statement. "We actively identify sites that serve malware or abuse our quality guidelines in other ways."
No one knows how successful the tactic is, though Eckelberry points out the criminals wouldn't keep doing it if it didn't work. Still, even an attack of 40,000-50,000 fake Web sites still represents an infinitesimal portion of the sites in Google's index, making the odds of any individual consumer encountering a poisoned Google link still quite small. "I don't want people to get scared of Google," he said. “Google is impressive with how quickly they remove bad sites.”
This is just another reason to use a good, extensive HOSTS file. It's not perfect but certainly helps block some of those "bad" redirected URLs. The HOSTS file I'm using currently has hundreds of *.cn sites blocked and as new "bad" sites are discovered, they're added to the list.
Hope this helps.
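An added example, not part of the original thread: how a HOSTS-format blocklist like the one mentioned in the last reply is matched against a link. The entries are constructed placeholders under the reserved `.example` TLD and the function names are hypothetical; it also shows one reason the approach is "not perfect": HOSTS entries match exact hostnames only, so an unlisted subdomain is not blocked.

```python
from urllib.parse import urlsplit

# Addresses commonly used to "sink" a blocked hostname in a HOSTS file.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample in HOSTS format; hostnames are placeholders.
SAMPLE_HOSTS = """\
# constructed blocklist entries
127.0.0.1      localhost
0.0.0.0        qx7f3k9z.example      # inline comment
0.0.0.0        a1b2c3.example www.a1b2c3.example
93.184.216.34  intranet.example
"""


def parse_blocked_hosts(hosts_text):
    """Return the set of hostnames that the HOSTS text maps to a sink address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in SINK_ADDRESSES:
            continue  # an ordinary name-to-address mapping, not a block entry
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def is_blocked(url, blocked):
    """True only if the URL's hostname appears verbatim in the blocklist."""
    host = urlsplit(url).hostname  # None when the URL has no scheme/netloc
    if host is None:
        return False
    return host.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked = parse_blocked_hosts(SAMPLE_HOSTS)
    for url in ("http://QX7F3K9Z.example/page?x=1",
                "http://cdn.qx7f3k9z.example/",
                "http://intranet.example/"):
        print(url, "->", "blocked" if is_blocked(url, blocked) else "not blocked")
```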