Malware in search engine results & what you can do about it…

As a digital citizen we all interact with an “underbelly” of the Internet a daily basis – sometimes without even knowing it.  Lets face it, the Internet is not a safe place.  Whether using email, instant messaging, web surfing and even social networking the risks and costs of malware are very real.  Unfortunately, even when using your favorite search engine you are not 100% safe.  Quite often the sites we find in SERP (Search Engine Results Page) contain content we shouldn’t click including direct links to malware, phishing, spyware, sites and even painfully dangerous exploits.  Cybercriminals use any means necessary to deliver their payloads because they profit from their propagation.  The use of search engines a method of delivery is neither new nor is it particularly inventive but its a trend we can expect to continue to see.  In the past search engines haven’t made any determination on the content they indexed or done anything to shield users from this content.  Thankfully those days are over and most major search engines are making an attempt to address the issue of these indexed bad actors.

Google/Stop Badware
Google, (in coordination with partners PayPal, Mozilla, Lenovo, AOL, VeriSign, Trend Micro and Consumer Reports WebWatch) are attempting to address this ever evolving problem with the Stop Badware project.  The project brings together industry, academia and volunteers who are dedicated to making the Internet a safer place.  With the involvement in this project Google is able to flag sites that might contain malware in your search results.

Validating or Reporting a Malware Site to Google

Thankfully, Google has a way to report a malware sites and have them removed from search engine results.

Yahoo SearchScan
Yahoo is also currently in Beta testing of  McAfee SiteAdvisor to protect its search results from malware inclusion.  Just as in the case of Google you will see a warning that a site could potentially contain malware on the SERP (Search Engine Results Page.)

Validating or Reporting a Malware Site to Yahoo
To validate or report a site you can visit SiteAdvisor directly.  One can even join the SiteAdvisor community and make the web a safer place by reporting sites that propagate malware.  See

Reporting a Malware Site Elsewhere

If you find a malware site and want to take further action you have several options for reporting it.  If the site is inside the United States you can report it to the FTC or if the site is international you can report it to eConsumer.


Conclusion – Do your part
It is important to recognize that we face a never ending uphill battle with malware’s inclusion in the search engines. Criminals make billions from all of these crimeware activities and they are likely to evolve around any effort to thwart them.  As these sites are shut down millions more pop up elsewhere so it’s a never ending battle. No single search engine is immune to indexing these threats.  The good news is that we as upstanding members of the Internet community can report them have their sites shut down.  So I encourage you to take an active role by getting involved with these projects or report any suspicious sites you may find.  We all have a role in making our Internet a better place.

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise span over 15 years in the private sector at leading technology firms and consulting organization. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customer's thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customer's a competitive edge.
Posted in Internet SecurityTagged , , , ,  |  Leave a comment

Leave a reply