Feb. 13, 2012 at 10:42 AM ET
A new security report warns of malware networks ("malnets") lurking within Google and other search engines, driving unsuspecting Web surfers to sites where they might share their personal or financial information to unintended parties.
The Blue Coat Systems 2012 Security Report details the online threats that snared victims in 2011 — and will probably continue to do so this year. At the top of the list of vulnerable places online are search engines, where Blue Coat's research found was still the main way people access any kind of information on the Internet.
The report makes these central points:
It's clear from this data that cybercriminals are increasingly using the path of least resistance to create entry points into malnets. The two most popular entry points are Search Engines/Portals and Email. To exploit these as entry points, cybercriminals need only use them as they’re intended to be used by anyone ...
What is known as search engine optimization by businesses is called search engine poisoning when used the same way by cybercriminals. To exploit search engines, cybercriminals need only ensure that their sites rank high in the search results page by providing relevant content. They can exploit the very algorithms that search engines rely on to deliver meaningful results to users to ensure that their malicious results are delivered as well.
And, while not every part of a malnet is malicious, the red dots in the first image above show a preponderance of malicious components such as exploit servers or malware payloads found in search engine attacks coordinated through the largest malnet, Shnakule. According to this research, it dominated malicious activity on the Internet in 2011. Within its bag of tricks for the average consumer, Blue Coat found fake anti-virus programs, pornography, gambling, "malvertising" and work-at-home scams.
Cavka, with a focus on scams, was another malnet prominent in North America.
Search engines were especially prone to malnet infection on and prior to Cyber Monday. The unofficial sales day, which falls on the Monday after Thanksgiving, has grown in popularity over the years, reaching a record of $1.25 billion in sales in November. It's such a landmine for consumers, security experts usually give advice on how to play it safe on Cyber Monday.
While search engines are vulnerable on a daily basis, they are protected, to some extent from malware that thrives on the traffic from headline makers. In 2011, the events that were likely to snag victims through emails and social networks were the Japan tsunami and earthquake, Prince William's royal wedding, and the deaths of Osama bin Laden, Steve Jobs and Amy Winehouse.
Blue Coat's research explains why search engines are, in these cases, a little safer:
Interestingly, attacks that use search engines as the primary entry point typically do not target these big news events. Rather, they target a variety of search terms to cast a wide net. Potential victims searching for news about the current big event are often shielded from malicious results by the sheer volume of legitimate sites with actual content.
The report warns of these 2012 events as potential magnets for malware to tap into: presidential elections, the release of the new iPhone and iPad, the summer Olympics in London and the "End of the World" on Dec. 21.