Google's Instant search facility leads to malicious results

Last week saw the release of the latest technology from Google to allow for faster searches, though security concerns have already been raised.

Google called Instant ‘a new search enhancement that shows results as you type', which pushes ‘the limits of our technology and infrastructure to help you get better search results, faster'.

The development came from an insight that people type slowly, but read quickly, so the concept is to scan a results page while you type. Effectively it removes the search button with results displayed alongside the text box.

Among the smarter predictions and instant results, there were many concerns cited over the service.

Luis Corrons, technical director of Panda Security, said that there was security concerns when it comes to cyber criminals using Google results as a way to spread malware following the top search terms that people are using in Google searches in order to create fake websites.

He said: “Google is a very innovative company, and they are always looking for new ways to improve the user experience. In light of the launch of the new Google Instant search engine, there is a risk that cyber criminals are going to abuse this new tool.

“As users type searches into the real-time engine, the opportunity for cyber criminals to infect users through black hat search engine optimisation (SEO) campaigns is increased, and Google are potentially putting millions of users at risk. Users should exercise caution when clicking on unknown links and URLs.”

A detection by Websense found that there were malicious search suggestions appearing as soon as the technology was announced. It said that a search for ‘anti-virus' produced an ‘Instant' result for Antivir Solution Pro, a well-known rogueware infection that was amongst the suggested search terms.

It said: “Let's segue from the problem of malicious search suggestions and get right down to the real problem here, we are more concerned how this new technology can potentially improve existing Blackhat SEO campaigns.

“We know for a fact that most black hat SEO campaigns automatically query Google's trending topic results and now it seems that Google Instant will be suggesting those trending phrases (verbatim), potentially putting millions of victims directly in cyber criminals' cross hairs. Only time will tell, but we can see Google Instant aiding black hat SEO campaigns real soon.”

David Harley, senior research fellow at ESET, told SC Magazine that he thought the introduction of such technology "is part of their [Google's] model that they have to meet the immediate use for it to give it a go".

See original article on scmagazineus.com