Searches on Bing returned five times more links to malicious websites than Google searches, according to an 18-month study from German independent testing lab AV-Test. Though search engines have worked to suppress malicious results, the study concluded that malware-infested websites still appear in their top results.

The study looked at nearly 40 million websites provided by seven different search engines. About 10 million results came from Bing and another 10 million from Google. 13 million sites were provided by the Russian service Yandex, with the rest coming from Blekko, Faroo, Teoma and Baidu. Of these 40 million sites, AV-Test found 5,000 pieces of malware, an admittedly small percentage of websites.

Google the Safest

The study concluded that while all the search engines the lab evaluated delivered malware, Google delivered the least. It was followed by Bing, which returned a disconcerting five times as much malware as Google. Yandex, the Russian website, delivered 10 times as many malicious sites.

Thankfully, the 5,000 pieces of malware the study found are concentrated in Yandex results, which had 3,330 malicious links out of the 13 million AV-Test looked at. Bing had a little under half that, with 1,285 malicious results out of 10 million pages. Google returned a mere 272 malicious results in 10 million while Blekko had even fewer: 203 out of around three million.

SEO Optimized Malware

To move their malware-ridden spawn to the top of Google's search results, the bad guys are using tried-and-true search engine optimization tactics, the very same used by corporations and bloggers. According to AV-Test, the attackers use a very simple trick: "they first create a multitude of small websites and blogs before selecting the most frequently used search terms from top news stories and using backlinks to optimise these terms for search engines."

The study went on to say that users "are the least suspicious" when they see a search result attached to a hot news story. More troublingly, AV-Test reports that sites with Trojans or other malware are returned as "top" results.

How Safe Are You?

If you're a Google user or even a Bing user, the chances that you would encounter a malicious website in your search are low. Doing some quick arithmetic, it looks like the chance of a Googler hitting malware is about one in 36,765.

Of course, those odds are repeated billions of times a day. "[It] is important to remember that Google alone deals with a phenomenal total of 2 to 3 billion search requests worldwide every day," reads the study. "If this total is factored into the calculations, the total number of websites containing malware found by the search engine is enough to make your head spin!"

In 2009, Google reported it handled around 320 million searches a day for America alone and around 2 billion worldwide. That's potentially over 50,000 malicious sites a day.

Usually, I tell people they can stay safe by being smart, but in this case it's a bit more complicated. Google is a service people trust, and most users don't consider that malicious sites are playing a numbers game. Instead, users assume that they're safe because they're not important or targeted. The fact that attackers are going out of their way to make their websites attractive for clicking doesn’t help.

Security software can go part of the way, as many will screen your web browsing for potentially dangerous websites. Most modern browsers, like Google Chrome, have anti-malware baked right in.

It is, however, heartening to see that the number of malicious results from Google is so low. I certainly hope that Bing can follow suit and get their numbers down as well.
