Google Search: More Links Are Malicious Than You Realize

JULIEN SOBRIER
April 05, 2010 - 2 min read
It is not uncommon for 15% to 20% of the first 100 results returned by Google for any popular search term (according to Google Trends) to be malicious links. If Google doesn’t take the Blackhat SEO problem more seriously, the total number of malicious links is bound to increase and this may already be happening.

 

The top search on April 2nd was “tri energy”. I am not sure why it became so popular, but don’t google it: more than 90% of the first 100 links are malicious! Here is what I found for this search on April 4th:

 

 

  • 86 links were sending users directly to a malicious, fake antivirus page that tries to install malware. This is the same issue, with the same domain name (xorg.pl) involved in most of the redirections that I detailed in a previous post.
  • 4 malicious links were down or Google displayed a warning page
  • The first 5 links on the first page of results were legitimate

 


One of the too few warnings from Google

 

Same search on Bing and Yahoo

 

 

For the same search, Bing did not show any malicious links. Yahoo! displayed 4 malicious links on pages 2, 6 and 7. At this point, I’m not sure if Bing and Yahoo! do a better job at cleaning up their search results, or if they are simply slower at picking up new pages.

 

 

8 hours later

 

 

I have re-scanned the Google results 8 hours later and things are a bit better. There are still only 10 legitimate links in the first 100 results, but Google displays a warning for 87 links. Only 3 malicious links redirect to a harmful site.

 

 

Google warns the users to not follow these links. Why do they even show them?

 

 

 

Not an exception

 

 

 

This number of malicious links may be extreme in this example, but the overall problem of attackers leveraging SEO is not rare at all. On the same day, for the #5 Google Trends search term, “epic google”, 50% of the first 100 links are malicious. For the #2 search term, “mendicant”, 38% of the links are malicious. It took Google 2 days to start cleaning up the results, from April 2nd to April 5th in the morning.

 

 

I do not understand why Google decides to include malicious links in their search results. Depending on the user’s browser version, clicking on these links can be harmful to users, or display useless content. In both cases, users do not want to visit these sites.

 

 

-- Julien

 
