NEWS FROM THE LAB - Tuesday, March 2, 2010

I'm Feeling Lucky? Posted by Sean @ 16:24 GMT

Criminals like to attack the biggest target because BIGGER generally provides a better Return On Investment (ROI). Windows is a good example. Mac is indeed safer than Windows but it isn't necessarily because Mac is more secure. Windows has a larger market share and that equals more potential victims.

How about search engines? What is the biggest search engine on the block? Google — and the bad guys know it. The result?

It's becoming less and less safe to search via Google.

Yesterday, I was testing Internet Explorer 8 and made a typo in the address bar. Instead of update.microsoft.com I used updates.

There is no such domain, so Microsoft Bing kicked in and I ended up with the following search results:

What? No results?!?

So I searched for updates.microsoft.com with Google.

Did I mean update? Yeah, I guess so… Thanks.

Bing's results seemed sort of odd, so I examined the settings and it turned out to be some idiosyncrasy of Finnish-based results.

Changing the settings to the United States produced the following:

I continued testing Bing. Here's a Bing search for microsoft updates:

84,700,000 results.

Here's a Google search for the same:

90,900,00 results.

But how about something timely? Using Google trends, I found a hot search topic.

Minnesota's appliance rebate program has 5m dollars to give its citizens for buying energy efficient appliances, e.g. refrigerators.

The program launched on Monday and its web site was quickly overwhelmed; the event generated many searches.

Here's the Bing search for "mn appliance rebate":

25,300 results.

And Google?

31,300 results.

But here's an important difference — I didn't find any harmful links from Bing's results.

Google, on the other hand, had many bad links. This was the sixth result on the first page:

Clicking the link launched a rogue scam:

And then I was given the typical scan scam crap that is so profitable for the bad guys:

The site pushed this file:

It's now detected as Rogue:W32/FakeAlert.LB.

The folks at Google work hard to filter out harmful search results, but it's a difficult task.

The bad guys are constantly working against Google and they often get past their defenses long enough to infect victims. So what can you do to stay safe? Avoid monoculture — try something else.

Because soon enough… Bing just might be the search engine that you want to bring home to your mom.

Google has been around and is simply receiving too much attention from the wrong sorts of guys.

Ask yourself this: Do you feel lucky?

Signing off,