Slashdot Mirror

← Back to Stories (view on slashdot.org)

Search Engine Optimization Poisoning Way Up In '10

Posted by CmdrTaco on from the someone-warn-snow-white dept.

alphadogg writes "Cybercrooks continue to abuse the Web, boosting their ability to produce what's called search engine optimization poisoning so that individuals making use of search engines such as Google's increasingly are ending up with choices that are dangerous malware-laden URL links. Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results, according to the Websense 2010 Threat Report published Tuesday. That's in comparison to 13.7% of Google searches having that outcome in the latter half of 2009, says Patrik Runald, Websense senior manager of security research."

15 of 175 comments (clear)

  1. Malware/Spyware isn't the only problem... by drunkennewfiemidget · · Score: 5, Interesting

    At least in my case, I've found that google's search results have gotten progressively more useless over the last 2-3 years.

    I search for a linux issue I'm having, the only hits I get are ubuntu users in 2004.

    I search for applications for my wife's phone, it's almost 100% adware sites, and 0% useful download links.

    My google search usage is going down steadily. If I want to know about a company/famous person/whatever, it's en.wikipedia.org/wiki/.

    Info on movies, actors, etc? imdb.

    Looking for directions? Mapquest. Google maps has gotten me lost on countless occasions. (By doing such things as telling me to get off a highway by crossing the meridian, and exiting on the onramp for the opposite direction.)

    I don't know whether it's just me, google has thinned out the effort going into their searches in favour of their (many) other endeavours, or if they're just not evolving as fast as the assholes who want to try and monetize my searches for completely unrelated shit.

    1. Re:Malware/Spyware isn't the only problem... by Jugalator · · Score: 2, Interesting

      Yes, I think I've seen the same thing. And either Google is very silent about their search engine updates besides the visuals, or they're doing very little to combat the problem. All I seem to hear is efforts to let you get the results faster (the latest ideas being "Instant Search" and "Instant Previews"), although I can't say I'm having trouble with Google being sluggish. The fake blogs or forum scrapers, on the other hand...

      I understand that it's hard to differentiate carefully crafted fake sites from real ones with algorithms, but come on -- there are well-known domains only using scraped stuff out there... Block the entire domains, Google. It's your private index and you decide who should be there. Or at least hide them, if you don't want to look like a censorship organization. Smaller-sized text with the message: "This link is temporarily hidden due to excessive search engine index manipulation in the time period XXX to YYY. It will be shown again on ZZZ. Click to view."

      --
      Beware: In C++, your friends can see your privates!
    2. Re:Malware/Spyware isn't the only problem... by Anonymous Coward · · Score: 1, Interesting

      The problem is that Google uses an algorythem to rank pages for search results. Originally this was superior to the "submit your site and we'll include it in our search" method because it removed bias. However over time people have reverse engineered that algorythem and so no the rank of your site is based on how well you optimize for that algorythem. The sites that spend the bulk of their effort having good content will this be disadvantaged over those that spend the bulk of their effort optimizing for search rank (typicly the later are ad sites or malware distribution sites).

    3. Re:Malware/Spyware isn't the only problem... by melikamp · · Score: 3, Interesting

      IMHO, the trash in the Google search is mostly due to spammers: the people who game the page-rank. I agree with eldavojohn: everyone is doing it these days, and the "news" sites are especially notorious. The line is very blurry. I know a dude who works for gather.com, and they are doing it by inserting "keywords" into their news articles. This is not the same as using a botnet to generate traffic, but the goal is the same.

      May be the future of search is Bayesian filtering? It is doable even right now: have a local program load 1000 or so Google hits and unleash on them your own personal filter. Everyone heard about spam/ham filtering, but the math and the algorithm extend naturally to any finite number of categories, so a user can create categories such as "spam", "science", "shopping", "blog", "porn", train the filter, and enjoy truly personalized search results. Google is obviously loosing to rank gamers, they are way too smart and too quick to adapt. But a personal Bayesian filter could take the raw index with 90% spam and select results relevant to YOU, while slashing the amount of spam by a couple of orders of magnitude.

      My Thunderbird filter works like a charm: in the last year I've had 1 (one) false positive and what feels like less than 5% of false negatives. I think it will work just great on Web pages.

      Um, I am resubmitting this, since it's not appearing. Sorry if it's a dupe.

    4. Re:Malware/Spyware isn't the only problem... by jhigh · · Score: 3, Interesting

      It's probably a combination of the two. Google search results are definitely becoming more useless, and I think as more and more people become familiar with the Internet, their behavior patterns will evolve to reflect this. I think it's not just more specialized web sites like imdb cropping up, but user familiarity with the existence of these sites. As the Internet becomes more and more a part of our daily lives, web sites advertise on television, etc., it's only natural that average users are becoming more familiar with specific web site offerings and foregoing the extra step of typing a search into Google. The (potential) down side to this is what happens when a new, better web site crops up that may be infinitely better than the one that we're all familiar with. For example, once the world became accustomed to using Microsoft Office exclusively because that is what they were the most familiar with, it has become increasingly difficult (if not damn near impossible) for any other product to break into that space.

      Is it possible that we will see similar things happening with web sites, where inferior sites are getting all of the hits simply because they are what people became familiar with early on?

      --
      Social Engineering Expert: Because there is no patch for stupidity.
    5. Re:Malware/Spyware isn't the only problem... by hedwards · · Score: 2, Interesting

      That's one of my top complaints about Google. The link farms and the results which require you to scroll way down to the bottom of the page to find the information. Google's approach worked well in the past when speed was more of an issue, but now that the web has adjusted to Google's stupid algorithm it's getting progressively worse.

      The other annoyance with Google is that it can be a real pain searching for things if you don't know exactly what it is that you're looking for. And the seeming inability of Google to know the difference between freeware and free to download trials.

      I spent some time a while back using Bing and quite honestly, there isn't that much of a difference in terms of quality of results. And for some things, the Bing approach is just better. Such as the way that it handles image searches. (Not necessarily the quality of results but the presentation)

  2. Re:Link to Actual Report and My Many Gripes by negRo_slim · · Score: 2, Interesting

    I thought I would find this in th NetworkWorld article.

    Networkworld sure does seem to get linked to a lot around here lately.

    That aside, the summary states 22.4% of Google Searches produced malware results. Okay so obviously 22% of searches aren't going to be for anti virus software and the like, so can we just call this one a stupidity tax and move on? I recently had to remove a virus from an acquaintance's machine (3ghz celeron w/ 248mb RAM) by the time I was done I wanted to put it back on for the gentleman assumed it must of been the government out to get him to stop him from speaking his mind on the internet.

    0_0

    Can't help but wonder if these people even need a connection to the internet. Now granted that's not to say infections can't happen to everyone, because they can and they do but I think we can all agree the vast majority of infections delivered by shady sites are borne by the vast vapid masses. I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is? Can the knowledge really get any more fundamental than that, for at some degree shouldn't we be held accountable for our own actions or lack thereof? If ignorance of the law is no excuse I fail to see why we give such a large free pass when it comes to computing. For the consequences can be just as real when you find you just sent your life savings to a scammer in Nigera, or got your dumb ass key logged while going into your PayPal. Or whose to say a virus won't come along that dumps addresses? Oops your 19 year old daughter's college address was in your Outlook now someone has that... Oops she's murdered! ... Granted a stretch but my point is for far to long we've gone after the symptoms and never treated the cause.

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
  3. Re:Google Can Ban Sites, So... by Antony+T+Curtis · · Score: 3, Interesting

    Probably because malware organisations have discovered an ancient and dark evil who would further their cause ... for a price.

    They're called: Lawyers.

    --
    No sig. Move along - nothing to see here.
  4. Re:What are they searching for? by TheGratefulNet · · Score: 2, Interesting

    google thinks the ONLY valid reason for the web is to let us 'shop for things'. sorry but I do a lot of tech searches (looking for code fragments or schematics or HOWTOs) and more often than not, the first FEW pages are ads to sell me something.

    we need a front-end to google to keep google honest. there have been front-ends, too, but google found out and stopped it (usually).

    --

    --
    "It is now safe to switch off your computer."
  5. Re:Search engine rankings for legitimate sites by theskipper · · Score: 3, Interesting

    Speaking of ehow (Demand Media), here's a great article about how they're junking up the SERPs. It's not just small time link farms, it's industrial strength pollution backed by hundreds of millions of dollars.

    http://www.wired.com/magazine/2009/10/ff_demandmedia/

    Google is going to need to take a firm stand. And they most likely want to do it desperately now that there's some real competition. But it's a tough nut to crack and they certainly don't want to upset their applecart (i.e. ad revenues).

  6. JS:DR by PPH · · Score: 3, Interesting

    Article requires JavaScript: Didn't read.

    --
    Have gnu, will travel.
  7. Need to vote or rank results... by seanvaandering · · Score: 3, Interesting

    They really need to create a ranking system for logged in Google users so people can vote down spammy links. Could be based on the frequency of the reports. Anything in first ten results with more than 100 negative votes per hour, automatically get removed and placed into a holding queue for a Google employee to review. If it's discovered to be spam, automatically penalize the URL in all results and remove it. Hosting companies will never want to host spammers, because all their good customers will go running to the hills. Just a thought..

  8. Re:Useless Search Content by TheRaven64 · · Score: 3, Interesting

    Not necessarily. Google Scholar will only find peer-reviewed papers (not very competently, and omitting much of the information required to find where it was originally published), but I find reading researchers' blogs often turns up more interesting stuff. It often takes 1-2 years between doing the work and having a journal paper published (and another little while for Google Scholar to notice it), so a blog post from a decent researcher about his or her current work will tell you stuff now that won't appear in Google Scholar results for 2-3 years.

    --
    I am TheRaven on Soylent News
  9. Wiki for info by HalAtWork · · Score: 3, Interesting

    The reason you're going to Wikipedia for actual information is because the site is structured to eliminate anything that isn't factual information. You're just realizing that the web is a bunch of crappy cross-linked blogs and syndicated content behind ads/paywalls. Soon you'll be hitting podcasts for editorial content instead of the ad-laden multi-click regurgitated PR between top 10 lists that make up most sites.

    --
    Twinstiq, game news
  10. Re:Google Instant by Animats · · Score: 2, Interesting

    I wonder if Google Instant will soon compound this problem. Once you're apt to see a tidbit of a result and quickly click through, that would be quite the prime target for this type of attack.

    Google Suggest (the command-completion part of Google Instant) already had a major spam problem. Google Suggest isn't driven by page rankings; it's driven by Google Trends, which was updated every few minutes. So, generating a large number of search requests in a short period could push a request to the top entries on Google Trends. That would make it appear as a suggestion in Google Suggest, driving further traffic to that search. I've seen a small mattress store at the top of Google Trends. This approach to spamming could give a site a huge traffic spike for about 45 minutes or so.

    Google now seems to be updating Trends more slowly, to provide more averaging over time. This makes it harder to pull off that attack.