Number of Malicious Links Accessible Through Google & Twitter Goes Up

Solarquest

Search engines failing at detecting and flagging malware
Twitter, Google, and other search engines such as Bing, Yandex, and Faroo are increasingly flooded with malware, according to trends tracked by the AV-TEST laboratory.

The team of researchers says they've tested 80 million links found in search engine results in 2015, and another 81 million in 2016. The results of this scan revealed the presence of malicious content in 18,280 sites in 2015, and in 29,632 sites in 2016.

Historical tests from 2013, when AV-TEST examined 40 million sites, clocked malware URLs at only 5,060 sites, showing a continuous growth for the past years.

Google Safe Browsing falls short when flagging malicious links
For the 2015 and 2016 tests, AV-TEST also says it double-checked the results of its internal scanning system against Google's Safe Browsing API, which they say failed to identify all threats.

In 2015, for the 18,280 sites AV-TEST discovered, Google flagged only 9,725 results, while in 2016 Google Safe Browsing had a better batting average of 19,794 warnings out of 29,632 malicious links.

EXE files are the most common method of delivering malware
But there are different types of malicious content found on these links, such as tech support scams, phishing pages, or sites pushing malware-laced downloads.

When it comes to the latter category, which includes sites pushing actual, downloadable malware, AV-TEST says that 60 percent of these threats tried to start a direct file download just as the user landed on the site, while the rest tried to execute code snippets, or use Flash or Java exploits, reminiscent of exploit kits.

The top five most commonly pushed file types include EXE files, ZIP and RAR archives, SWF Flash objects, and MSI installers, in this order.

Twitter also affected
Besides search engines, AV-TEST says it also analyzed tweets shared on Twitter. Experts stated that they scanned over 315 million tweets in 2015 and another 200 million in 2016.

Despite the smaller number of links analyzed in 2016, AV-TEST says it found 1,500 links leading to malware threats, while it only found 1,100 malicious links in 2015.

"It is important to point out that search engine operators are not virus hunters," said Maik Morgenstern, CTO of AV-TEST GmbH. "It is an additional job that they do not perform entirely on a voluntary basis."

Analysis overview
 

_CyberGhosT_

I had no idea the stats were that high, wow.
Great share Solar ;)
What's the best defense in your opinion besides smart click habits?
I use a NoScript & AdGuard (system wide) combo.
What would you add?
 

Der.Reisende

> I had no idea the stats were that high, wow.
> Great share Solar ;)
> What's the best defense in your opinion besides smart click habits?
> I use a NoScript & AdGuard (system wide) combo.
> What would you add?

You can try out Bitdefender Traffic Light or Avira Browser Safety extension for Google Chrome (for Firefox), both should block plenty of malicious URLs for free.

 

_CyberGhosT_

> You can try out Bitdefender Traffic Light or Avira Browser Safety extension for Google Chrome (for Firefox), both should block plenty of malicious URLs for free.

Yeah, I like Traffic Light. I use it in Firefox.
I have not thought about adding it to Vivaldi, which is my default browser now in both Windows and Linux. HTTPS Everywhere still works in Vivaldi too, just a "heads up".
Thanks for reminding me about Traffic Light ;)
 

Wave

> 29,632 sites in 2016

Out of 81 million links I do not think that is even that bad; I expected the count of malicious sites found out of those 81 million links to be much higher, most likely around 50,000-100,000 malicious links minimum.

Thanks for sharing @Solarquest! This was an interesting read :)

------------
However, with the usage of ad-blockers (e.g. uBlock Origin/Adguard) and/or good web protection from AV/IS security (or an extension for this), you will be much better protected in case of you visiting any malicious URLs from search engines accidentally. With that being said, if you aren't click-happy and you only visit trusted URLs (therefore you don't aimlessly visit random sites - also checking the domain name for suspicious patterns prior to visiting unknown websites is even an addition to helping you), you will be better protected by default.

Utilisation of a sandbox (such as Sandboxie) or using a Virtual Machine (such as VirtualBox or VMware) for browsing/downloading is also an addition for improved protection - the sandbox method is most likely more convenient for a majority of users though.

If you wish to visit an untrusted URL you can also scan it at an online scanner service such as VirusTotal. MetaDefender (previously known as MetaScan) supports scanning for IP addresses (for its databases).
 

soccer97

I have noticed an uptick in this in the past year or two. Search for something - you look at it and think: the title seems relevant - then you see the link that leads to a foreign domain known for malware along with the misspellings in the text part of the search result, or one I haven't seen often (.co, .nl, ...).

SEO or search engine manipulation, and even AdWords, can sometimes lead to malicious domains. Sometimes if you Google (ex: Avast or Microsoft support), you notice all of the unofficial ones that are either 'Paid Services' or unofficial support sites (excluding legitimate support forums such as this and a few others).
 

jamescv7

Honestly, teaming up with fellow security companies will just boost up the campaign to flag out those malicious links.

Why not create their own unique techniques to block sites since their bots are actively indexing any websites on the internet? I could not see any reason to not improve their protection basis.
 

Solarquest

> I had no idea the stats were that high, wow.
> Great share Solar ;)
> What's the best defense in your opinion besides smart click habits?
> I use a NoScript & AdGuard (system wide) combo.
> What would you add?

On my "Fort Knox" PC I also use WOT with warning before opening a webpage (and another one I cannot remember right now, the symbol is a red flag).
...and VoodooShield.
If your AV is good and has a good anti-exploit you should be pretty safe. ;)

If you have sensitive data on your PC or e.g. you do online banking I would also think about VM/Sandboxie/SD and about back-up.
I have a Fort Knox PC only for safe stuff, e.g. online banking, payments etc. and a laptop for mails, surfing etc...
 

soccer97

> Honestly, teaming up with fellow security companies will just boost up the campaign to flag out those malicious links.
>
> Why not create their own unique techniques to block sites since their bots are actively indexing any websites on the internet? I could not see any reason to not improve their protection basis.


I agree, and I have let a company know when I noticed this (if it was a fake support link).

One time I came across a random site I was going to visit and it said "This site may have been hacked". I picked up the phone after I found their contact info another way - and the agent immediately let IT know.

I think there may be a 'report' link, and if not it may be a good idea. Ultimately, it can't be perfect. Sometimes they can beat the algorithms for a few days.
 

Azure

> Honestly, teaming up with fellow security companies will just boost up the campaign to flag out those malicious links.
>
> Why not create their own unique techniques to block sites since their bots are actively indexing any websites on the internet? I could not see any reason to not improve their protection basis.

Facebook actually did that
ESET and Facebook Partner to Combat Malware

Now let's see if Google, Twitter, and others do the same.
 

soccer97

> Facebook actually did that
> ESET and Facebook Partner to Combat Malware
>
> Now let's see if Google, Twitter, and others do the same.



Yes, you are right @AzurePhoenix, and that reminds me that the Social Media Scanner is part of ESS or myeset. It's enabled in my Twitter account (I think it still is).

Very good point- and Google's Search Results would be a huge improvement- but they are trying.
 
