Feeds

Microsoft's search excels in spreading malware

Easily beats out Google and Yahoo!

Providing a secure and efficient Helpdesk

Everybody knows that Windows Live Search, Microsoft's little search engine that could, lags far behind Google and Yahoo! in the race to capture eyeballs. Here's one place where the software juggernaut's offering leads the pack: referrals for sites that actively try to infect end users' machines with some of the vilest malware known to man.

To see for yourself, type "veicolo commerciale noleggio" into Live.com and watch what gets returned. The first result (at the time of writing, anyway) is for a site at b9n3q3.info/yb6u46p76.html, which uses a Javascript to redirect users to another site. This second site actively tries to install several varieties of malware, in some cases the nasty Trojan known as Rustock. This return is just one of many malicious referrals Live.com makes when entering the above search term, which is Italian for "commercial vehicle rental."

According to researchers at Sunbelt-Software, Live.com's affair with malicious sites runs so torrid that malware-related returns on the search engine number in the thousands. Terms that trigger similar results tend to be Italian phrases, including, to name a few, "adsl offerta toscana," "istituto geografico italiano," "dvd da scaricare" and "testi reggae." Sunbelt blogged here about the sludge fest two weeks ago, but Live.com has continued to spew the noxious results unabated. Google and Yahoo long ago managed to filter most of the same sites from their returns.

"I don't think it was very responsible to keep these malware sites up for so long," says Francesco Benedini, a spyware researcher at Sunbelt. "I'm not saying Google and Yahoo! don't have a problem, but it's much more invasive on Live.com."

A Microsoft representative says in a statement that "to the extent that spammers are successful in essentially manipulating results, they will hurt the user experience on all search engines".

That left us scratching our heads for a couple reasons. For one, the same search terms don't appear to generate malicious returns on Google or Yahoo!, so how can the rep claim this is an industry-wide problem? And for another, what does spam have to do with this? We're wondering if our inquiry got mixed up with someone else's.

Some of the crud being returned on Live.com is sneakier than others. Many returned links, for instance one at www.lassi.com.es, don't attempt to infect PCs using a US-based IP address. Machines with IP addresses from Italy and possibly elsewhere are not so fortunate.

This isn't the first time Microsoft's net properties have dished up unsavory offerings. Last month the company admitted its Windows Live Messenger client displayed banner ads promoting an application blacklisted as a security risk. Shortly after Microsoft made the admission, MSN Groups was caught displaying ads for a separate piece of software widely regarded as rogue. ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.