Google expunges malware sites from search results

Not that it's admitting there was ever a problem, mind you

Google has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed Wednesday.

"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software Distribution, the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.

"Google did confirm yesterday with us that they were working the case, and they are good about nailing this stuff," Eckelberry added in an e-mail late Wednesday afternoon. Sunbelt had notified Google of its findings on Monday.

Earlier Wednesday, Sunbelt malware researcher Adam Thomas said his spot searches on Google the night before had come up sans malware URLs. "They appeared to be zapped," Thomas had said.

Ironically, Google itself refused to confirm or deny that it had cleansed its index of the more than 40,000 malware hosting sites, or even that they had existed. "Google takes the security of our users very seriously, especially when it comes to malware," a company spokeswoman said Wednesday in an e-mail. "In our search results, we try to warn users of potentially dangerous sites when we know of them. Sites that clearly exploit browser security holes to install software, such as malware, spyware, viruses, adware and Trojan horses, are in violation of the Google quality guidelines and may be removed from Google's index."

She did not, however, answer questions about how long it takes Google to purge its search index or whether it has countermeasures that are supposed to keep sites from gaming its ranking system. According to Thomas, the group who created and stocked the sites with Trojan horses, rootkits and password-stealers drove up those sites' search-result rankings by spamming blogs and site-comment sections with their links.

Microsoft Corp., meanwhile, would only say that it was on the case. "We are aware of the issues and are working to rectify the situation," said Justin Osmer, a senior product manager for Live Search, in an e-mail sent by the company's public relations firm.

Yahoo Inc. did not respond to a similar request for comment Wednesday.

Sunbelt first noticed the huge number of infected sites, and their appearance in results lists for a bewildering array of searches, on Sunday. Thomas explained how the attackers managed to beat the search system. "For months now, our research team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms, typically comment forms and bulletin board forums," he said. "This network, combined with thousands of pages such as the two seen above, have given the attackers very good, if not top, search-engine position for various search terms." Among the hundreds of search terms he had spotted being used were "infinity" and "hospice."

"Pretty sick," Thomas said.

Users with PCs not completely up-to-date on their patches, he continued, were attacked by what Sunbelt has dubbed "Scam.Iwin," which turns the compromised computer into a pay-per-click zombie that generates revenue for the attacker. "Scam.Iwin is also used to load malware for other groups," claimed Thomas. "In this case, one of those malware groups is known to have been associated with the infamous RBN [Russian Business Network]."

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?