14 DAY TRIAL // Search engines should improve their advertisement techniques as it seems that malware spreading websites might appear to users who were looking to download things like Skype, Firefox or Adobe Player.
The GFI Labs blog revealed their discovery after noticing that something was fishy after the websites behind the links appeared to be a bit off.
While hiding behind what seemed to be genuine link belonging to Yahoo and other known portals, the connections led to rogue sites that kept redirecting the user.
It seems as all the malicious links reroute to a domain called “en-softonic.net”, which is packed with malware just waiting to be downloaded by unsuspecting people.
For instance, the Firefox install kit actually releases a rootkit that runs Internet Explorer in the background and performs automated clicks on advertisements. The discovered Win32.Malware!Drop also makes redirects to malicious websites when Google is used to seek something.
Yahoo and Microsoft were alerted on the issue and promised to take care of it.
Just out of curiosity, I've tested the response time of the popular search engines to a matter like this. It has been more than an hour since the post was made on GFI's blog.
On a simple search for “download Skype,” it's clear to see that Yahoo has done nothing yet, as the attack page is still on top of everything else appearing as a sponsored link. Bing on the other hand didn't completely remove the links, but it seems to have shut down advertisements all together.
A “download Skype” search will still pull up the infected pages, but at least their not advertised.
A threat like this should be taken seriously, but it seems that Yahoo's management problems are taking their toll on the way the website functions.
Check back after a while as I will keep you posted on the activity of the search engines in relations to the matter. Let's see how long it will take to completely remove the “bad seeds.” Place your bets, people! UPDATE! 3 hours later Bing got rid of all the links from appearing on the first page but they are yet to be removed from their search results. Yahoo has made no improvements, the malware containing website still being sponsored.
UPDATE 2! 20 hours later Yahoo removed the link for "skype download" from sponsored links but on writing "download skype river park" (river park being the name of one of the infected websites), it appears that the page is still indexed in both search engines.