Search engines point to malicious Web sites
- 15 May, 2006 07:58
Search engines deliver links to dangerous Web sites that download spyware and adware to visitors' PCs, exploit security vulnerabilities and attempt to scam users and include them in spam lists, a new study has found.
U.S. users land on malicious Web sites about 285 million times per month by clicking on search results from the five major search engines, according to the study, conducted by McAfee's SiteAdvisor unit and released on Friday. Google, Yahoo, Microsoft's MSN unit, IAC/InterActiveCorp's Ask.com and Time Warner's AOL comprise the top search engines.
It also found that the ads search engines run with their search results are significantly more likely to lead users to malicious Web sites than regular search results. On average, almost 9 percent of these so-called sponsored results link to rogue Web sites, compared with an average of 3.1 percent of regular search results. Of the major search engines, MSN delivered the fewest malicious links with 3.9 percent, while Ask.com fared the worst with 6.1 percent.
"Our core advice: It's a jungle out there. Users should be careful where they go and what they do when choosing sites based on search engine results," reads the study (http://www.siteadvisor.com/studies/search_safety_may2006.html). "Users can't count on search engines to protect them."
Some popular search keywords such as "digital music" and "singers" can trigger a set of results in which 72 percent of the items link to malicious Web sites, according to the study, conducted between January and April.
Marissa Mayer, Google's vice president of search products and user experience, acknowledged this is "a real issue" and said Google has taken steps to address it. For example, Google offers an antiphishing plug in for the Firefox browser, she said.
Meanwhile, a Yahoo spokeswoman said the company offers a spyware detection and removal tool in its browser toolbar and it also has systems and employees devoted to improving the "quality" of its ad listings. Users of its search engine can also report malicious Web sites to Yahoo, she said in an e-mail.
Microsoft is also aware of the problem and attempting to curb it with its toolbar's pop-up ad blocker and antiphishing filter, said Justin Osmer, MSN senior product manager. "And we continue to work on all aspects of our search service to provide people with the best answer possible and protect them against malicious sites," he said via e-mail.
That the vast majority of search results are safe is a major accomplishment, an Ask.com spokeswoman wrote via e-mail. "Like the other major engines, we are committed to raising the bar even higher as we continue to apply human processes and technology to identify and remove unwanted sites from our index," she wrote.
AOL didn't immediately respond to requests seeking comment.
Search engines have become indispensable tools for people seeking information on the Web. U.S. residents conducted 6.4 billion online searches in March, up 10 percent from February, according to comScore Networks Inc. At the same time, Internet security threats, such as phishing ID theft scams and malware, increasingly concern users. In 2005, Gartner Inc. predicted the chilling effect of security threats will stunt the growth of U.S. online business-to-consumer sales.
McAfee suggests an unsurprising solution to the problem: users should download the free browser tool from SiteAdvisor (http://www.siteadvisor.com), which tells users if Web sites are safe or unsafe to visit.