Nov 18, 2010 07:11 GMT
Google Instant Previews might mislead users into thinking malicious pages are legit

Security researchers fear that Google's new Instant Previews feature can mislead users into trusting malicious links pushed through black hat SEO techniques.

Black hat search engine optimization (BHSEO) is a very popular attack vector, commonly used by malware distributors to direct traffic to malicious websites.

Cybercriminals artificially increase the search engine rank of rogue Web pages for particular keywords that are of interest to many people at a given time.

The targeted search phrases are determined by closely monitoring Google Trends or by scouting news websites for announcements bound to generate Internet buzz.

Pushing a site to the top of search results is done by automatically generating content, like text and pictures, related to the targeted keywords.

The resulting pages are served to Google's crawlers for indexing purposes. However, when real users try to access them, they get redirected to third-party malicious sites.

Last week, Google introduced Instant Previews, a feature displaying a preview of the target website when users click the magnifying glass next to a search result. It also highlights the relevant portion of the page.

This is a neat feature, which allows users to determine in advance whether a particular result warrants their attention. However, the previews display pages as seen by Google's bots, which can be misleading when it comes to BHSEO-promoted results.

"Using Google's Instant Preview on the malicious search results may lead users into believing that the links they're clicking on is actually safe when in fact it's not," warn security researchers from Websense.

"Instant Preview returns a very legitimate looking page, complete with pictures and relevant words. To unsuspecting eyes, it looks clean. Of course, when the user clicks the link, they will be redirected to the fake Firefox Update page," they explain.
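The gap described above, where the crawler is served a content page and a real visitor is redirected, can be checked for by comparing two captures of the same URL. The sketch below is an added example, not code from the article or from Websense; the response dictionaries, the host names and the 0.5 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Matches <meta http-equiv="refresh" content="0;url=..."> client-side redirects.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)

def redirect_target(resp):
    """Return the URL a captured response sends the client to, or None."""
    if 300 <= resp["status"] < 400:
        return resp["headers"].get("Location")
    m = META_REFRESH.search(resp["body"])
    return m.group(1) if m else None

def visible_text(html):
    """Crude tag stripper; enough for a rough similarity score."""
    return " ".join(re.sub(r"<[^>]+>", " ", html).split()).lower()

def cloaking_signals(url, as_crawler, as_visitor, min_similarity=0.5):
    """Compare the crawler's view of a URL with a visitor's view."""
    signals = []
    host = urlparse(url).hostname
    visitor_dst = redirect_target(as_visitor)
    if visitor_dst and not redirect_target(as_crawler):
        signals.append("redirect-for-visitor-only")
        # A relative Location has no hostname and stays on the same site.
        if urlparse(visitor_dst).hostname not in (None, host):
            signals.append("redirect-leaves-site")
    ratio = SequenceMatcher(None, visible_text(as_crawler["body"]),
                            visible_text(as_visitor["body"])).ratio()
    if ratio < min_similarity:  # threshold is an assumption, tune on real data
        signals.append("content-differs")
    return signals

# Constructed captures of one URL: what a crawler got and what a visitor got.
URL = "http://news-blog.example/royal-engagement"
CRAWLER_VIEW = {"status": 200, "headers": {}, "body":
    "<html><h1>Royal engagement news</h1><p>Pictures and reaction.</p></html>"}
VISITOR_VIEW = {"status": 302, "body": "",
    "headers": {"Location": "http://updates.example/firefox-update"}}

if __name__ == "__main__":
    print(cloaking_signals(URL, CRAWLER_VIEW, VISITOR_VIEW))
    print(cloaking_signals(URL, CRAWLER_VIEW, CRAWLER_VIEW))
```

A page that serves both clients the same content yields an empty list; the constructed cloaked capture yields all three signals.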

Image: Malicious search result related to Prince William's engagement