The Hidden Dangers of Bing & Google Image Searches

, Another rant from , 3 Comments

submit to reddit

I like to think I’m pretty ‘on the ball’ when it comes to avoiding dodgy websites. It’s been many, many years since I’ve visited a site that is clearly looking to destroy my computer or steal my data via installing specialised video players or running odd looking EXE files. How so many people still manage to get stung by these types of sites baffles me. I mean, they always look so obviously suspect. How can anyone not tell that it is clearly a scam?!

But I live in my little tech nerd bubble that exposes me to more than the average joe when it comes to how search results work, dodgy websites, scamming practices and what to look out for and avoid. Then something like this pops up and changes it all.

It turns out one of the biggest culprits for malware (malicious software) these days is via image searches on Google and Bing. An by biggest, I mean really big! A report from Sophos (a US based internet security developer) has found that up to 92% of malware from search hosted platforms can be attributed to being sourced from Google and/or Bing image searches.

Image Search Dangers

Holy Crap!

I almost never question where an image is hosted when doing an image search. I just find the most relevant image – whoever has it – and click away.

For a little while now, my opinion has been that Google is better at search results, maps, video, display ads (everything pretty much), yet Bing has got image search nailed! I love Bing image search. It seems to have targeted results a little better than Google, and the display and UI is a lot nicer.
But it turns out Bing image search is responsible for 65% of malicious search hosting results – Google sits around 30%. That’s huge! Scarily huge!

How it works

  1. A site figures out that a particular image is very popular. For example – Popular Memes, celebrities, logos, cats in costumes.
  2. This site then optimizes their content – in particular Image content – to get that picture to rank.
    In the case of these Malware sites, this is usually via Black Hat SEO practices. (Black Hat SEO = dodgy spammy ways of scoring quick wins for SEO using tactics that violate search engine terms and conditions).
  3. The black hat tactics shoot the particular image to the top results of image searches very quickly
  4. Unsuspecting Google/Bing user comes along, clicks on the image; which by default accesses the site containing the malware.
  5. User downloads image (or files) from the suspect site.
  6. Users computer is now infected with Malware – usually unknowingly.

How to protect yourself

Stay the hell off suspect looking websites

Easy to say I know, but in the case of image searches, ensure the URL that the image belongs to is trustworthy. Remember: accessing a picture, is accessing a website – even if you don’t see the rest of the site. Make sures it’s not a harmful one. Both Google and Bing display the site that the image belongs to in their search results, prior to clicking. Pay attention to this detail.

Browser Security

Most browsers these days have different levels of security you can assign to your searches. Make sure you know how yours is set-up. Chrome and Firefox are the most secure I’ve found. If you’re running Firefox, download the WOT extention. It’s a Firefox add-on that will assist greatly in keeping you off harmful sites.
Oh yeah, and get the hell off Internet Explorer too – I say this on behalf of every web developer in existence too. The older versions in particular are full of security holes, and it’s just a horrible, horrible browser.

Emma Watson MalwareEmma Watson will destroy your computer

Emma Watson – you know, the girl from Harry Potter – has been listed number one in the 2012 McAfee Most Dangerous Celebrity list. The celebrities who’s search results are most likely to contain harmful material. Megan Fox, Jessica Biel and Sofia Vergara also made the list (Dammit, it’s always the really hot ones – you never see Rodney Dangerfield or John Candy on these lists for some reason. Not sure why…). So be careful with those ‘in demand’ pics you may look for now and then. If they’re popular with the general public, they’ll definitely be popular with malware developers and scammers.

If it’s a top ranking page, it’s not necessarily trustworthy

Some pages even manage to hijack URLs from trustworthy sites. Be sure to take note of any URL in your browser address bar when you’re downloading anything. If something doesn’t seem right, then don’t risk it.

So that’s about it.
Heaven forbid that you think I am suggesting the world should stop searching for images of Megan Fox, but just be careful where you’re getting these images from. Google and Bing do a pretty good job of ensuring this harmful stuff doesn’t find it into your search results in general, but there are still holes – particularly in images searches – that need fixing.

Be careful out there. The last thing you want is Hermione Granger stealing your data.

 

3 Responses

  1. Mary Ann

    January 24, 2013 12:23 AM

    All well and good, and a helpful article, but what about lesser-known search engines? I use Ecosia.org [http://ecosia.org/index.php] for all my internet searches, image or otherwise. I use them because of their ecological donations. Any insights on their safety?

  2. Mark Wheadon

    April 24, 2013 9:34 PM

    Mary Ann FWIW, Google is a (the?) class leader when it comes to sorting the wheat from the chaff, so the chances are that other search engines will be easier to fool into thinking a spam page is genuine…

  3. Levi

    June 13, 2013 11:24 AM

    I can’t believe people still have problems like this. You people need to get avast! antivirus… it’s 100% free… I have not had one virus, not one bit of adware/malware or trojans since I installed this over FIVE years ago. I’m dead serious. You don’t need extra add-ons or extensions in your browser for security-sake… All that does is slow down your web browser.