Slashdot Mirror
Search Engine Optimization Poisoning Way Up In '10
alphadogg writes "Cybercrooks continue to abuse the Web, boosting their ability to produce what's called search engine optimization poisoning so that individuals making use of search engines such as Google's increasingly are ending up with choices that are dangerous malware-laden URL links.
Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results, according to the Websense 2010 Threat Report published Tuesday. That's in comparison to 13.7% of Google searches having that outcome in the latter half of 2009, says Patrik Runald, Websense senior manager of security research."
IMHO, the trash in the Google search is mostly due to spammers: the people who game the page-rank. I agree with eldavojohn: everyone is doing it these days, and the "news" sites are especially notorious. The line is very blurry. I know a dude who works for gather.com, and they are doing it by inserting "keywords" into their news articles. This is not the same as using a botnet to generate traffic, but the goal is the same.
May be the future of search is Bayesian filtering? It is doable even right now: have a local program load 1000 or so Google hits and unleash on them your own personal filter. Everyone heard about spam/ham filtering, but the math and the algorithm extend naturally to any finite number of categories, so a user can create categories such as "spam", "science", "shopping", "blog", "porn", train the filter, and enjoy truly personalized search results. Google is obviously loosing to rank gamers, they are way too smart and too quick to adapt. But a personal Bayesian filter could take the raw index with 90% spam and select results relevant to YOU, while slashing the amount of spam by a couple of orders of magnitude.
My Thunderbird filter works like a charm: in the last year I've had 1 (one) false positive and what feels like less than 5% of false negatives. I think it will work just great on Web pages.
Can't help but wonder if these people even need a connection to the internet. Now granted that's not to say infections can't happen to everyone, because they can and they do but I think we can all agree the vast majority of infections delivered by shady sites are borne by the vast vapid masses. I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is?
You had me until here. I get in to my car with nary an idea on what nearly everything in the engine (processor/memory) is or does. All I know about a vehicle is what I can reach from the driver's seat: ignition, steering wheel, gas and brake pedals, radio, climate control, spedometer, odometer. There's also a tachometer (or something) which strongly correlates with engine noise, and also tells me when my gas engine turns off while I'm stopped (hybrid) - beyond that, I have no care.
I don't see why a computer user needs to know what a processor or memory is. They need to know how to navigate: turn it on and off (safely), get on the applications they care about, save their progress (e.g., in a word processor) such that a power outage doesn't destroy hours of work, and they need to know "defensive computing", that is, how to recognise dangers to their safety, both personal safety and the safety of the machine they're operating. We take driver's ed and defensive driving courses. Equivalents can be created for computing. But we don't all take mechanic's training, nor should most users need to know how to crack open their case and manipulate the contents.