Search engines 'crawl' domains by looking for links to other pages or sites. The search engine then opens the link of a website page to find further links.
Search engine attacks have been demonstrated where a malicious link is added to a page, which consists of an attack, or multiple attacks, on other websites; they are then executed when the search engine opens the link. If the attack is successful, visitors to the now infected website would be at risk, and if the malware is sufficiently clever, it would add new links to attack further websites and spread the infection.
I guess such malware would these days be classified as a search engine piggyback virus, as it would not directly perform the attack(s) itself.
As an end user, best practices for avoiding search engine malware are to:
- Make sure your computer is fully patched and is running the latest antimalware packages.
- Try to only "visit" high-profile secure sites
Related Q&A from Richard Brain
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ,...continue reading
Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the ...continue reading
Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using ...continue reading