Google contains nearly 70 percent of search engine malware

Google holds nearly 70 percent of search engine malware, more than double the amount of Bing, Twitter, and Yahoo combined.

According to a report by Barracuda Labs, called “Barracuda Labs 2010 Midyear Security Report (PDF)”, search engines are a prime target for malware due to the number of people using them.

It found that malware search volumes were as high as 88 billion per month on Google, 24 billion per month on Twitter, 9 billion per month on Yahoo, and 5 billion per month on MSN and Bing.

The substantial volume of people using Google has meant that 69 percent of search engine malware resides there, while Yahoo took second place with 18 percent and Bing took the third spot at 12 percent. Twitter’s search engine was only responsible for one percent of malware, most likely due to its limitations within the Twitter network.

report 1
The report analysed 25,000 popular topics and over 5.5 million search results, finding that 98 percent of attacks were malware, with only 2 percent using zero day attacks. 

It found that Tuesday was slightly higher for attacks, while Wednesday was slightly lower. The other days held a rough average of around 15 percent. 

Time of day was a crucial factor, however, with nearly 60 percent of malware attacks occurring between 11pm and 5am, and around 20 percent occurring between 5am and 11am. Substantially less attacks occurred during average waking hours, suggesting that malware is being distributed well into the wee hours of the night.

report 2

The top categories for malware are spyware and entertainment, with 35 percent and 15 percent of the total numbers respectively. Search engine portals came in third place with 12 percent, while forums, newsgroups, and p2p were also hot topics for malware.

report 3

The report also found that the top search term for malware was “Lois Wilson”, which suggests that a lot of malware producers are either alcoholics or big fans of the silent film era. The second most popular search term was “Hope Dworaczyk”, an American Playboy model, which is much more like what we’d expect for a malware ploy.

report 4