Google launched its streaming search engine yesterday called Google Instant, which provides people with instant, real-time search results, and also opens the doors to search engine optimisation (SEO) poisoning and other problems, according to insecurity experts.
The problem comes from hackers who create malware or fake antivirus programs and then manage to poison Google’s search results in order to get their software high on the list. This is often called blackhat SEO, as it will use traditional SEO tactics but for malicious reasons.
All search engines, but Google in particular, are at risk of blackhat SEO and that is not a new problem. However, because Google Instant literally searches for everything as you type, you could be forced into a situation where you are unwittingly searching for rogueware.
“As a test, I thought I’d search for ‘antivirus’ and see what suggestions came up. Lo and behold, Antivir Solution Pro, a well-known rogueware infection was amongst the suggested search terms,” said Sean-Paul Correll, threat researcher at Pandalabs and founder of the Malware Database.
For those who are not familiar with the rogueware, they may consider it legitimate, download and install it, resulting in their computer being infected. The fact that the rogueware was second on the list of suggested terms makes this a worrying possibility, as it amounts to Google’s search engine recommending malware. It is also interesting to note that the fourth suggested search term is for the removal of that same rogueware.
“Let’s segway from the problem of malicious search suggestions and get right down to the real problem here,” Corell said. “I’m more concerned how this new technology can potentially improve existing Blackhat SEO campaigns. We know for a fact that most Blackhat SEO campaigns automatically query Google’s trending topic results and now it seems that Google Instant will be suggesting those trending phrases (verbatim), potentially putting millions of victims directly in cyber criminals cross hairs.”
In an interview with TechEye in August, Adam Bunn, Head of SEO at Greenlight, said that he felt it was unlikely that Google would roll out Google Instant and that even if it did, it was unimpressive and added very little for users.
He also said that he believes it would not have a significant impact on SEO, as the change is mostly cosmetic, as opposed to algorithmic. However, as Correll pointed out, there could be an impact on blackhat SEO, which may make Google Instant less safe than the classic search engine.
“Only time will tell, but we can see Google Instant aiding Blackhat SEO campaigns real soon,” Correll said.