In this world of immediate gratification, most of us computer owners head straight to a search engine without a second thought when we need the answer to a question. It’s as easy as typing in a query and clicking on the first link generated, maybe trying a couple more if the answer isn’t immediately visible. No hassle, right? Wrong. Using search engines without having up-to-date antivirus software can be a dangerous endeavor. These days, hackers and spammers are becoming increasingly sneaky with their computer viruses, Trojans, and computer worms. A method known as “search engine poisoning” exploits the use of search engines to spread malware and viruses. This practice is becoming more prominent as a means of stealing credit card information. As the average time spent on the web increases (over 68 hours a month as of September 2009), the threat of nefarious software becomes more and more apparent.
Generally, hackers will employ black hat SEO methods to gain higher search rankings for particular terms. Common tactics include spamdexing, cloaking and placing hidden text on web pages. Black hat SEO is frowned upon by search engines, but is often utilized for search engine poisoning. By clicking on poisoned links, users will often get notifications that their computer is infected with a virus that can be fixed by purchasing rogue antivirus software. Users will be prompted to enter their credit card information, which is then stolen by the cybercriminal.
The most commonly poisoned search terms often reflect popular or current events, such as “economic crisis,” “stimulus check,” or “credit crisis.” Terms related to pop culture events are often used, along with the names of actors or high profile individuals. When search terms spike in popularity, they are often targeted by hackers to spread malware. Anything with the word “free” in the search is a high risk term, especially “free music” and “free ringtones.” Aside from keeping your antivirus software up to date and running properly, it’s also important to have a good firewall, which will prevent the web pages from loading and releasing the malware into your system.