Google Hot Trends Dictate Malware Targeting

Spammers and scammers are increasingly using Google to identify topics that will tempt people to open malicious messages and click on malicious links. They're also gaming Google's search system to target people seeking answers to The New York Times crossword puzzle.

"In July, there was an increased prevalence of spammers utilizing Google's trending topic information as a method to determine new social engineering tactics," says the August threat forecast issued by MX Logic, a messaging security company.

Google Hot Trends provides a periodically updated list of the top 100 search queries. Using this information, cyber criminals can create links associated with trending search terms on various Web sites that point back to their malicious site.

Because Google's PageRank algorithm treats links as votes for higher prominence in search results lists, malicious sites can be promoted to the top of search results pages by gaming Google's system. This tends to generate a lot of traffic due to the popularity of the search terms.

This isn't a new problem for Google, which has been dealing with link spam and PageRank manipulation for years. In a blog post in February, Craig Schmugar, threat research manager for McAfee Avert Labs, noted that Google Trends was being used to target malware and that Google subsequently appeared to have removed the malicious pages from its index.

"We work hard to protect our users from malware," a Google spokesperson said in an e-mailed statement. "Many of these results have been removed from our index. However, this issue affects more than just Google, as these sites are still part of the general Web. In all cases, we actively work to detect and remove sites that serve malware from our index."

Google says that it uses manual and automated processes to deal with such issues and that it continues to look for new ways to prevent the problem.

A highly-targeted form of interest-driven attacks is being directed at people who use Google to help them solve The New York Times crossword puzzle. Google searches for puzzle clue phrases have started returning links to malicious Web sites.

According to The New York Times, one of the paper's legal counsels explained in an e-mail that the scam works because of the rarity of the phrases used as crossword puzzle clues. Creators of malicious sites can easily appropriate puzzle phrases to make their sites rank prominently in Google searches.