Home > Ask the Information Security Experts > Secure software development and application/platform security Questions & Answers > How does search engine malware spread?
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

How does search engine malware spread?

Richard Brain EXPERT RESPONSE FROM: Richard Brain

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Enterprise IT tips and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 27 June 2009
How have search engines been manipulated by attackers to spread malicious code, and what are best practices to avoid search engine malware?

>
Yes, search engines or 'Web crawlers' have been used to indirectly attack other websites. It's actually quite an old idea which was confirmed still to function fairly recently, when Google was used to carry out RFI attacks and hack into other sites.

Search engines 'crawl' domains by looking for links to other pages or sites. The search engine then opens the link of a website page to find further links.

Search engine attacks have been demonstrated where a malicious link is added to a page, which consists of an attack, or multiple attacks, on other websites; they are then executed when the search engine opens the link. If the attack is successful, visitors to the now infected website would be at risk, and if the malware is sufficiently clever, it would add new links to attack further websites and spread the infection.

I guess such malware would these days be classified as a search engine piggyback virus, as it would not directly perform the attack(s) itself.

As an end user, best practices for avoiding search engine malware are to:

  • Make sure your computer is fully patched and is running the latest antimalware packages.
  • Try to only "visit" high-profile secure sites
  • Disable JavaScript execution on your Web browser if the site is unfamiliar.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Secure software development and application/platform security
Windows 2003 DNS configuration tips
How to protect a laptop from spam, viruses
What is the best choice for an enterprise Web browser?
How to detect and remove Sinowal and repair a master boot record
How effective are password hack tools?
How do attackers use Google to hack?
Why can Google block virus-infected websites; how do you stop a ban?
Should a worm patch or push security updates?
How to find and prevent SQL injection attack vulnerabilities

Threat and Vulnerability Management
Microsoft issues temporary fix for Windows Shell zero-day
Attackers target Windows Shell zero-day via USB sticks
How to stop Conficker: Anti-Conficker patch management, defense
Trojan virus attack using hijacked Web browser sessions hits UK banks
Law firm security gets positive verdict with UTM device
IBM to acquire BigFix for configuration, vulnerability management
Perimeter defenses deemed ineffective against modern security threats
Critical Adobe Reader, Acrobat update due today
Twitter settles with FTC over security issues, careless policies
Frustration growing over limited ability to shut down botnets

Web Application Security
Twitter settles with FTC over security issues, careless policies
Report: Google to phase out Windows, cites security issues
New tool enables botnet command and control via Twitter
Symantec Internet threat report highlights botnet, malware trends
Researchers aim to smarten Web application security scanners
Security-related social networking issues abound in organisations
New cloud VPN service improves application acceleration, security
New banking Trojan targets U.K. banks
Social networking risks, benefits for enterprises weighed by RSA panel
How to prevent Adobe hacks from affecting your organisation

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Centre for the Protection of National Infrastructure  (SearchSecurityUK.com)
Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Access Management: Authentication, Biometrics, Password Security
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget