Home
Topics
IT security
Hackers and cybercrime prevention
How does search engine malware spread?

How does search engine malware spread?

Richard Brain, Secure Development

How have search engines been manipulated by attackers to spread malicious code, and what are best practices to avoid search engine malware?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Yes, search engines or 'Web crawlers' have been used to indirectly attack other websites. It's actually quite an old idea which was confirmed still to function fairly recently, when Google was used to carry out RFI attacks and hack into other sites.

Search engines 'crawl' domains by looking for links to other pages or sites. The search engine then opens the link of a website page to find further links.

Search engine attacks have been demonstrated where a malicious link is added to a page, which consists of an attack, or multiple attacks, on other websites; they are then executed when the search engine opens the link. If the attack is successful, visitors to the now infected website would be at risk, and if the malware is sufficiently clever, it would add new links to attack further websites and spread the infection.

I guess such malware would these days be classified as a search engine piggyback virus, as it would not directly perform the attack(s) itself.

As an end user, best practices for avoiding search engine malware are to:

Make sure your computer is fully patched and is running the latest antimalware packages.
Try to only "visit" high-profile secure sites
Disable JavaScript execution on your Web browser if the site is unfamiliar.

Read More

Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK

This was first published in July 2009

Back to top

More from Related TechTarget Sites

CIO
Security
Networking
Data Center
Data Management

CIO
- IT strategies are no way to do business
  
  Fresh off the MIT Sloan CIO Symposium, Searchlight looks at IT strategies, having a blast while building a data center, doing safe search and more.
- City CIO propels open government initiative with technology innovation
  
  IT Leadership Awards finalist, CIO Jonathan Reichental, launched a successful open government initiative by using technology innovation.
- As companies become more data-driven, the CIO role keeps on changing
  
  What's the CIO's role in today's data-driven, mobile, social, cloud business environment? That was a major theme for MIT Sloan CIO Symposium tweeters.
Security
- IT certification guide: Vendor-specific information security certifications
  
  Experts Ed Tittel and Mary Lemons provide a 2013 overview of vendor-specific information security certifications available.
- Introduction: Vendor-neutral security certifications for your career path
  
  Ed Tittel and Mary Lemons offer the definitive primer for vendor-neutral security certifications in 2013.
- SearchSecurity.com's IT security certifications guide
  
  Afraid of making a wrong turn in your career? Our newly updated 2013 guide to information security certifications maps out all your options.
Networking
- F5 Application Acceleration Manager combines WAN, Web optimization
  
  F5 Application Acceleration Manager is a single platform for transport, data center and application optimization.
- Robust network security solutions still lacking
  
  As network attacks grow in intensity, network administrators are still seeking tools to block intrusions.
- Networking blogs: The MapR platform strategy; Tax Day case for IPv6
  
  This week, networking bloggers point out the steady progress of the MapR platform and make a case for the serious adoption of IPv6.
Data Center
- Data center modernization starts with cloud, SDN and virtualization
  
  Some of the technologies driving data center modernization include cloud computing, flash storage, virtualization and software-defined networking.
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.

All Rights Reserved,Copyright 2000 - 2013, TechTarget