We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Rogue antivirus lurks behind Google searches

Click on Google's picture of the day and get scammed

In Esperanto the word is 'malica'. It means malicious and it's the best way of describing many of the search results Google visitors got Tuesday when the clicked on Google's front-page Doodle sketch, dedicated to Esperanto's creator.

It's the latest example of just how good scammers have become at manipulating Google search results. For months now, they've followed Google's Trending Topics section and then used search engine optimisation (SEO) techniques to push hacked web pages up to the top of Google's search results, security experts say.

They do this by flooding hacked pages with keywords that are then recorded by Google's search engine.

Hackers have several ways of getting their code on legitimate websites - lately they've focused on stealing FTP login credentials, according to Dave Michmerhuizen, a research scientist with Barracuda Labs.

The hacked sites that pop up when one clicks on Tuesday's Google Doodle include a hair salon in New Jersey, an Texas tree company, and a science fiction group.

On Tuesday, clicking on the illustration on Google's front page commemorating the 150th anniversary of the birth of Esperanto's creator L. L. Zamenhof, generated an awful lot of malicious search results - taking visitors to dodgy advertisements or pages that tried to trick visitors into thinking their computers were infected and paying for fake antivirus software.

These results remained steadily in the top 5 to 10 search results for people who clicked on the Google doodle link yesterday, and often filled up about half of the first few pages of results, Michmerhuizen said.

"I see this all the time," he said. "Poisoning a trend is nothing new, but in this particular case, it's a search where you actually click on Google's logo and you get results back from sites where half of the links have been compromised."

A Google spokesman said that this type of problem affects other search engines as well. Google is aware of Tuesday's Doodle problem and has "already removed many of these sites from our index," he added.

"To do this, we have manual and automated processes in place to enforce our policies," he said. "We're always exploring new ways to identify and eliminate malicious sites from our index."

See also:

PC security advice


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

The 13 most inspirational Tim Cook quotes