Feeds

Scareware slingers stumped by Google secure search

Scam sites can't game search results

Build a business case: developing custom apps

Last month Google made secure search the default option for logged in users – mostly to improve privacy protection. But there is a beneficial side-effect - it is harder for fraudsters to manipulate the search engine rankings of scam sites.

Users signed into Google are now offered the ability to send search queries over secure (https) connections last. Search queries sent while using insecure networks, such as Wi-Fi hotspots, are no longer visible (and easily captured) by other users on the same network.

When secure search is used Google omits from the HTTP referrer header the search terms used to reach websites. This makes it harder for websites to see the Google search terms that directed surfers to their pages. Also it is harder to tune content without using Google's analytics service.

The change in the referrer header makes life much more difficult for black hat SEO operators, who strive to make scareware portals figure prominently in 'newsworthy' search results. These fraudsters commonly use link farms to manipulate search results.

Fraudsters typically set up multiple routes through to scam sites. Surfers who stray onto scareware sites are warned of non-existent security problems to coax them into paying for fake anti-virus software of little or no utility.

Black hats thwarted

The changes introduced by Google when it launched secure search will leave them clueless about which approaches are bringing in prospective marks and which have failed.

David Sancho, a senior threat researcher at Trend Micro, explains that it is very useful for black hat SEO-promoted sites to know which search term they have successfully hijacked, - information that Google's changes denies them.

"When these sites receive visits from search engine visitors, they will have no idea what search sent them there," Sancho writes. "They won’t have a clear idea which search terms work and which don’t, so they are essentially in the dark. This can have a lot of impact on the effectiveness of their poisoning activities. This is, of course, good for Google as their search lists are cleaner but it’s also good for all users because they’ll be less likely to click on bad links from Google."

Regular no-padlock HTTP searches remain unaltered. Search terms are only concealed where secure search is applied, which means surfers are already logged in to Google’s services.

"Given how many people already use Google Mail and Google+, this may not be such a big obstacle – but it still poses one," Sancho explains. "If people keep using regular no-padlock HTTP searches, they will keep disclosing their search terms and keeping things unchanged."

"The more people use HTTPS, the less information we’re giving the bad guys ... one more reason to use secure connections to do your web searching," he concludes.

Google introduced encrypted search last year but changes that came in last month that make it a default option for logged-in users will inevitably mean that it becomes more widely used, rather than the preserve of security-aware users who are unlikely to fall victim to scareware scams in the first place. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?