Nearly two-thirds of search results on Bing were found to have links that spread malware or spam, compared to 30 percent for Google, said Sophos Security in a recent study.
"Search engine poisoning," as it's called, affects all search engines; it might turn up the link you see first, or high up in results, for example, when you search for a popular celeb like Jessica Biel or Justin Bieber. Clicking on the link can take you to a spam site, or worse, one filled with malware aimed at infecting your computer.
Sophos' Fraser Howard said on the company's blog that he was testing the company's own "Web appliance" for poisoned searches that were being used to drive Web traffic to payday loan sites.
"Taking data from the last couple of weeks for search engine redirects blocked on our Web appliance, it is clear that the majority of the redirects are affecting those using the Bing search engine," Howard wrote.
Microsoft, asked for comment by NBC News, did not directly comment on Sophos' report, but said in a statement that Bing "is able to detect pages consisting of machine-generated spam, keyword stuffing, redirect spam or malware, allowing Bing to effectively remove such sites from results. This is done through constant innovation on finding ways to detect the various evolving versions of the kinds of spam techniques we face."
Also, Microsoft said, "signals that have been previously spammed now have countermeasures to prevent abuse. Bing has also developed several ranking signals to help weed out spam results and better understand the intent of the searcher. We are always looking to improve the Bing user experience for customers, and remain dedicated to providing a trusted and reliable search experience."
Search engine poisoning is the main way malware is delivered via the Web. Attackers and spammers blast search results with links to what are known as "bait" pages that take users to malicious sites. Many users, who think search engine results are to be trusted, wind up clicking on what can be dangerous links.
"Digging further into the data, it is also clear that the attackers are getting most success from poisoning image search results," Howard wrote.
From the chart shown at left, he said, "Clearly the search engine providers are filtering poisoned results far more effectively from regular, text searches."
So what can you do to protect yourself?
"We all rely on the search engine providers managing to filter rogue links out of the search results (text and image searches)," Howard wrote. "The bottom line is that we are all guilty of trusting the results we get back, and clicking through without necessarily scrutinizing the URL as closely as we might."
Symantec has offered these tips for safer surfing when it comes to search engine poisoning:
- "Scrutinize all search engine results thoroughly."
- "Be cautious of pop-up displays and banner advertisements that mimic legitimate displays or try to promote security products."
- "Do not accept or open suspicious error displays from within a Web browser as these are often methods rogue security software scams use to lure you into downloading and installing their fake product."
- "Since malicious attacks can result in the hijacking of open sessions, make sure to log out of websites when your session is complete."
- And, regularly review your credit card and other financial information for signs of irregular activity.