Contrary to popular belief, internet users are shown to be more at risk of downloading malicious content while using popular search engine websites such as Google, Bing and Yahoo than they are while using email.
New research conducted by Blue Coat Systems shows that a whopping 40% of the time, users unwittingly find malware through poisoned search engine results. The same Blue Coat research shows that email, as a threat vector, is a distant second at just 11.6%.
"Because users are well aware of the threat of email malware, they exercise a fair bit of caution while opening links, attachments and emails from unknown sources. Unfortunately these same users are far less suspicious of search engine results," says Dave Ewart, Director of Product Marketing EMEA at Blue Coat Systems.
"While using a search engine, we are mentally predisposed to click on things because we are exploring. Research has shown that users are most likely to click on one of the first few links that result from the search query. Cyber criminals are now exploiting this behaviour and by using the same techniques that legitimate organizations use for search engine optimization, they manage to have their tainted links listed high up in the search results," he added.
The research by Blue Coat also uncovered another surprising fact: it is not the search results for information about major news events or celebrities that are most likely to lead to tainted links.
Broadly searched terms on mundane topics such as recipes and sample letters accounted for 42% of successful search engine poisoning attacks.
"While most organizations have warned users about the risks of malicious content turning up in response to popular web searches such as big world events, popular celebrity news, and other headline news events, our research into the actual success of these attacks has shown that it is the more commonly searched topics that pose the greatest risk. The reason for this is the 'clutter factor'. With so many legitimate sites covering big events such as the Olympics, it is hard for cyber criminals to consistently get their pages into the top results where people might actually see and click on them," says Ewart.
Since it is so difficult to penetrate the top ten search engine results with poisoned results on big events, cyber criminals have shifted tactics to social networking, chiefly Facebook and Twitter.
Many people use these sites as sources for breaking news, so they are primed to look for content. These sites also have much less experience in filtering out bogus or dangerous content, so it is easier for attackers to exploit them.
Furthermore, the research shows that non-English Search Engine Poisoning (SEP) attacks consistently placed a higher number of poisoned links in the Top 10 results than English SEP attacks.
Users therefore need to be wary of the domain names of the sites that turn up in their search results, as there are higher possibilities of infection from domains such as .ru (Russia) and .cn (China).