Search Engine Poisoning not a big issue during Olympics, says EMEA expert

Following previous research into Search Engine Poisoning (SEP) attacks, Blue Coat Systems released its findings on this type of attack during the 2012 Olympic Games. The research has shown that of the 28,227 successful SEP attacks, which took place during the 26 days leading up to the Olympics and the first 13 days of the Olympics, only 52 involved search terms that were related to the Olympics.

This relatively low figure of just 0.18% is in line with earlier research that showed Internet users are less vulnerable to Search Engine Poisoning attacks when searching for information about major news events.

"Search Engine Poisoning has become the preferred attack vector by cyber criminals. Over 40% of the time, users unwittingly find malware through poisoned search engine results. This is in stark comparison to email which is still considered to be a prime cause of malware. Our research has found that email is responsible for only 11.6% of malware infections," said Dave Ewart, Director of Product Marketing EMEA at Blue Coat Systems.

Analysing the data collected during the Olympic period, Dave Ewart said, "Although there was a lot of searching for Olympics-related content during July and August, the vast majority of those searches ended with clicks to legitimate news and blog sites. While there were reports of Olympics-related malware and scams, e-mail spam and social networking (Facebook and Twitter) were the attack vectors - not search engine poisoning."

Contrary to industry myth that 'big events' drive these types of attacks, this research from Blue Coat confirms that big events do not make for successful Search Engine Poisoning attacks.

The reason for this is the nature in which Internet users utilise search engines. A 2011 study of 8 million clicks by the online advertising network, Chitika showed that 94% of users clicked a first page result. For major world events, the first page is most likely to carry links from legitimate sites that are known and trusted by search engines. This makes it far too difficult to get poisoned search engine results high enough in the search page rankings for users to click - the mark of a successful SEP attack.

"Internet users are far more susceptible to SEP attacks when conducting searches on everyday topics such as recipes or sample letters. Thanks to the fact that email malware has been around for a while now, users are sufficiently well informed and cautious about this. Unfortunately, not enough has been said about Search Engine Poisoning which is why it has been so successful. The sooner users begin to understand that they cannot blindly trust their search engine to protect them from malicious content, the better protected they will be," concluded Ewart.