Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Search Engine Optimization Poisoning Way Up In '10

CmdrTaco posted more than 3 years ago | from the someone-warn-snow-white dept.

Google 175

alphadogg writes "Cybercrooks continue to abuse the Web, boosting their ability to produce what's called search engine optimization poisoning so that individuals making use of search engines such as Google's increasingly are ending up with choices that are dangerous malware-laden URL links. Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results, according to the Websense 2010 Threat Report published Tuesday. That's in comparison to 13.7% of Google searches having that outcome in the latter half of 2009, says Patrik Runald, Websense senior manager of security research."

cancel ×

175 comments

Sorry! There are no comments related to the filter you selected.

Link to Actual Report and My Many Gripes (5, Insightful)

eldavojohn (898314) | more than 3 years ago | (#34185788)

You can find the actual Websense Threat Report in ASP-driven HTML here [websense.com] . I mention ASP because the video doesn't seem to be functioning correctly in my non-IE browser.

I thought I would find this in the NetworkWorld article. Boy was I mistaken. As I switch between the two pages of the article, I am presented with "Whitepaper" links to reports that then navigate me to a 'page1234' at accelacomm.com where it asks for all my personal information. In the middle of the article (with no indication this has nothing to do with the article) is a link to another NetworkWorld article titled 'Royal pain: British Royal Navy site hacked.' Shouldn't that go in the 'Related Content' section that is also in the article with links to how I can 'bail out my budget'? Oh look, they've hyperlinked phrases in the article that just direct me to another NetworkWorld article and at the end I get directed to their security section. Might they take a chance and link to the source of the information that they are considering an authority on SEO poisoning? So you know, I can judge for myself and further inspect the report? I mean, I'm not asking them to drive across town to get a quote from the mayor ... this is the smallest gesture of investigative reporting one could possibly do.

Sorry to rant for so long but it amuses me how a news article about SEO poisoning is obviously taking some questionable routes to up their own stats -- maybe even manipulate Google page ranks? Oh but that's just good old wholesome Search Engine Optimization -- it's those pesky cybercrooks that phish for my home address, not the "esteemed" online news sources we should criticize that ask me to enter it into accelacomm.com when I'm trying to read the news (and I'm not accusing accelacomm of being a scam, just annoyed at the principle).

Re:Link to Actual Report and My Many Gripes (4, Informative)

Shados (741919) | more than 3 years ago | (#34185862)

#1: its in asp.net, not asp (big difference)
#2: asp.net doesn't have a dependency on IE. Its browser agnostic (and thus like any other environment used for web development, it works BETTER if you're not using IE)
#3: the video is in Flash using a pretty standard Flash player that has nothing to do with asp.net.
#4: it works just fine in non-IE browsers (I'm using Chrome)

Just figured I'd clear that up.

Re:Link to Actual Report and My Many Gripes (1, Informative)

Anonymous Coward | more than 3 years ago | (#34185904)

For the record, works fine in FF3.6 too.

Re:Link to Actual Report and My Many Gripes (2, Funny)

Dishevel (1105119) | more than 3 years ago | (#34186418)

He is using Lynx.

Re:Link to Actual Report and My Many Gripes (0)

Anonymous Coward | more than 3 years ago | (#34186124)

What ever's triggering the video popup (not the decoding) is borked for me. Presents a blank frame. In addition to that is the fact that ASP.NET does a whole lotta this [w3.org] .

Re:Link to Actual Report and My Many Gripes (0)

Anonymous Coward | more than 3 years ago | (#34186192)

Re:Link to Actual Report and My Many Gripes (0)

Anonymous Coward | more than 3 years ago | (#34186336)

No, it actually has over 500 if you use the validator correctly.

Re:Link to Actual Report and My Many Gripes (1)

jojoba_oil (1071932) | more than 3 years ago | (#34186404)

When the doctype is overridden to one listed as experimental, I would expect the validator to show fewer errors; however, the source of that site clearly labels itself to be using the XHTML 1.0 Transitional doctype. That, as the GP makes reference to, has 522 errors and 7 warnings.

Re:Link to Actual Report and My Many Gripes (1)

Dalzhim (1588707) | more than 3 years ago | (#34186346)

#1 Chrome doesn't represent 100% of non-IE browsers
#2 If Chrome doesn't represent 100% of non-IE browsers, then you haven't verified that "it works just fine in non-IE browsers"
#3 The video isn't "using a pretty standard Flash player", you might be doing so, but people on an iPhone might be using a service to convert flash to HTML5 which isn't a pretty standard player.

Re:Link to Actual Report and My Many Gripes (0)

Anonymous Coward | more than 3 years ago | (#34187198)

If it works in chrome that suggests the GP's browser is at fault in it self regardless of whether it works in IE. Calling it a non-IE browser is thus misleading and kind of pointless.
Like saying non-Volvos randomly explode on the road, when you are in fact talking about exactly Fiat Bravo 99 with the 1.6 liter engine.

Re:Link to Actual Report and My Many Gripes (2, Interesting)

negRo_slim (636783) | more than 3 years ago | (#34186226)

I thought I would find this in th NetworkWorld article.

Networkworld sure does seem to get linked to a lot around here lately.

That aside, the summary states 22.4% of Google Searches produced malware results. Okay so obviously 22% of searches aren't going to be for anti virus software and the like, so can we just call this one a stupidity tax and move on? I recently had to remove a virus from an acquaintance's machine (3ghz celeron w/ 248mb RAM) by the time I was done I wanted to put it back on for the gentleman assumed it must of been the government out to get him to stop him from speaking his mind on the internet.

0_0

Can't help but wonder if these people even need a connection to the internet. Now granted that's not to say infections can't happen to everyone, because they can and they do but I think we can all agree the vast majority of infections delivered by shady sites are borne by the vast vapid masses. I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is? Can the knowledge really get any more fundamental than that, for at some degree shouldn't we be held accountable for our own actions or lack thereof? If ignorance of the law is no excuse I fail to see why we give such a large free pass when it comes to computing. For the consequences can be just as real when you find you just sent your life savings to a scammer in Nigera, or got your dumb ass key logged while going into your PayPal. Or whose to say a virus won't come along that dumps addresses? Oops your 19 year old daughter's college address was in your Outlook now someone has that... Oops she's murdered! ... Granted a stretch but my point is for far to long we've gone after the symptoms and never treated the cause.

Re:Link to Actual Report and My Many Gripes (1)

Tanktalus (794810) | more than 3 years ago | (#34186646)

Can't help but wonder if these people even need a connection to the internet. Now granted that's not to say infections can't happen to everyone, because they can and they do but I think we can all agree the vast majority of infections delivered by shady sites are borne by the vast vapid masses. I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is?

You had me until here. I get in to my car with nary an idea on what nearly everything in the engine (processor/memory) is or does. All I know about a vehicle is what I can reach from the driver's seat: ignition, steering wheel, gas and brake pedals, radio, climate control, spedometer, odometer. There's also a tachometer (or something) which strongly correlates with engine noise, and also tells me when my gas engine turns off while I'm stopped (hybrid) - beyond that, I have no care.

I don't see why a computer user needs to know what a processor or memory is. They need to know how to navigate: turn it on and off (safely), get on the applications they care about, save their progress (e.g., in a word processor) such that a power outage doesn't destroy hours of work, and they need to know "defensive computing", that is, how to recognise dangers to their safety, both personal safety and the safety of the machine they're operating. We take driver's ed and defensive driving courses. Equivalents can be created for computing. But we don't all take mechanic's training, nor should most users need to know how to crack open their case and manipulate the contents.

Re:Link to Actual Report and My Many Gripes (0)

Anonymous Coward | more than 3 years ago | (#34186688)

I recently had to remove a virus from an acquaintance's machine (3ghz celeron w/ 248mb RAM) by the time I was done I wanted to put it back on for the gentleman assumed it must of been the government out to get him to stop him from speaking his mind on the internet.

At least you didn't convince him he was right and extort money [slashdot.org] from him to protect him from these secret assailants.

Re:Link to Actual Report and My Many Gripes (1)

IBBoard (1128019) | more than 3 years ago | (#34187080)

I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is?

I've only got a vague notion of what the carburetter is/does, and I probably couldn't identify it if asked to point it out. I do, however, know about petrol, oil, tire tread, lights and general driving. Does that mean that I shouldn't drive? Yes, knowledge of computers is good and people somehow assume that they don't need it, but processors and memory isn't important knowledge - how to "drive safely" and what the essential maintenance points are is the important bit, plus what a computer sounds/behaves like normally (whether there are odd clunks coming from the engine).

Re:Link to Actual Report and My Many Gripes (0, Redundant)

Tanktalus (794810) | more than 3 years ago | (#34187100)

Can't help but wonder if these people even need a connection to the internet. Now granted that's not to say infections can't happen to everyone, because they can and they do but I think we can all agree the vast majority of infections delivered by shady sites are borne by the vast vapid masses. I mean you don't turn on your car and get on the freeway with nary a clue how it works do you? Why on earth should you get on the information superhighway when you don't even what a processor or memory is?

You had me until here. I get in to my car with nary an idea on what nearly everything in the engine (processor/memory) is or does. All I know about a vehicle is what I can reach from the driver's seat: ignition, steering wheel, gas and brake pedals, radio, climate control, spedometer, odometer. There's also a tachometer (or something) which strongly correlates with engine noise, and also tells me when my gas engine turns off while I'm stopped (hybrid) - beyond that, I have no care.

I don't see why a computer user needs to know what a processor or memory is. They need to know how to navigate: turn it on and off (safely), get on the applications they care about, save their progress (e.g., in a word processor) such that a power outage doesn't destroy hours of work, and they need to know "defensive computing", that is, how to recognise dangers to their safety, both personal safety and the safety of the machine they're operating. We take driver's ed and defensive driving courses. Equivalents can be created for computing. But we don't all take mechanic's training, nor should most users need to know how to crack open their case and manipulate the contents.

TEH GOOGLE OWNS YOU MOFOS !! (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34185858)

And it always will cuz you are suckas !!

Oblig (3, Funny)

Anonymous Coward | more than 3 years ago | (#34185860)

My search engine optimization goes to '11

Re:Oblig (1)

Yvan256 (722131) | more than 3 years ago | (#34186852)

Enjoy your lead of 51 days while it lasts.

Malware/Spyware isn't the only problem... (5, Interesting)

drunkennewfiemidget (712572) | more than 3 years ago | (#34185876)

At least in my case, I've found that google's search results have gotten progressively more useless over the last 2-3 years.

I search for a linux issue I'm having, the only hits I get are ubuntu users in 2004.

I search for applications for my wife's phone, it's almost 100% adware sites, and 0% useful download links.

My google search usage is going down steadily. If I want to know about a company/famous person/whatever, it's en.wikipedia.org/wiki/.

Info on movies, actors, etc? imdb.

Looking for directions? Mapquest. Google maps has gotten me lost on countless occasions. (By doing such things as telling me to get off a highway by crossing the meridian, and exiting on the onramp for the opposite direction.)

I don't know whether it's just me, google has thinned out the effort going into their searches in favour of their (many) other endeavours, or if they're just not evolving as fast as the assholes who want to try and monetize my searches for completely unrelated shit.

Re:Malware/Spyware isn't the only problem... (3, Funny)

olsmeister (1488789) | more than 3 years ago | (#34186064)

By doing such things as telling me to get off a highway by crossing the meridian, and exiting on the onramp for the opposite direction.

Are you sure that it's just poor directions? Have you done anything to piss off Google lately?

Re:Malware/Spyware isn't the only problem... (1)

formfeed (703859) | more than 3 years ago | (#34186536)

By doing such things as telling me to get off a highway by crossing the meridian, and exiting on the onramp for the opposite direction.

Are you sure that it's just poor directions? Have you done anything to piss off Google lately?

Don't buy a GPS systems from Atmos !

Re:Malware/Spyware isn't the only problem... (1)

symes (835608) | more than 3 years ago | (#34186088)

If I want to know about a company/famous person/whatever, it's en.wikipedia.org/wiki/.

Info on movies, actors, etc? imdb.

Looking for directions? Mapquest.

I hadn't really thought about this, but on reflection I find i am doing similar... going down the domain specific route rather than the all encompassing google way. But is this the rise of places like imdb as much as failings on the part of google?

Re:Malware/Spyware isn't the only problem... (3, Interesting)

jhigh (657789) | more than 3 years ago | (#34186608)

It's probably a combination of the two. Google search results are definitely becoming more useless, and I think as more and more people become familiar with the Internet, their behavior patterns will evolve to reflect this. I think it's not just more specialized web sites like imdb cropping up, but user familiarity with the existence of these sites. As the Internet becomes more and more a part of our daily lives, web sites advertise on television, etc., it's only natural that average users are becoming more familiar with specific web site offerings and foregoing the extra step of typing a search into Google. The (potential) down side to this is what happens when a new, better web site crops up that may be infinitely better than the one that we're all familiar with. For example, once the world became accustomed to using Microsoft Office exclusively because that is what they were the most familiar with, it has become increasingly difficult (if not damn near impossible) for any other product to break into that space.

Is it possible that we will see similar things happening with web sites, where inferior sites are getting all of the hits simply because they are what people became familiar with early on?

Useless Search Content (4, Insightful)

ideonexus (1257332) | more than 3 years ago | (#34186098)

I'm seeing the exact same thing. I find that Google is becoming more and more useless for academic research. I would once type in a subject and get tons of legitimate, informative sites written by people who cared about the subjectmatter (remember ThinkQuest [thinkquest.org] ? All those fantastic articles are still out there, they just aren't in Google's search results anymore), which I could use as a springboard into deeper research. Now I get Wikipedia as the first result and fifty pages of forums filled with people who have no idea what their talking about. There's still no algorithm for content quality.

mod parents ++ (1)

Anne Honime (828246) | more than 3 years ago | (#34186208)

Sadly, it's very, very true indeed. I made a (legitimate) site not long ago using Google sites. Submitted the url for review in both bing and google. Bing listed me the next day, without any further input. Google didn't even listed my url in its base (not talking about rank here) until I submitted a sitemap through the webmaster tools, fighting a nasty bug they made in the process but didn't cared to correct since at least a year (if you put your auth key in your DNS zone, the automated sitemap created by google themselves returns a failure in their webmaster tools - brilliant).

Re:Useless Search Content (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34186242)

fifty pages of forums filled with people who have no idea what their talking about

people who have no idea what their talking about

what their talking

their

Really? You're talking about academic research, yet blunder on one of the most basic lessons in grammar and spelling?

Re:Useless Search Content (1)

drcheap (1897540) | more than 3 years ago | (#34186686)

fifty pages of forums filled with people who have no idea what their talking about

people who have no idea what their talking about

what their talking

their

Really? You're talking about academic research, yet blunder on one of the most basic lessons in grammar and spelling?

He probably consulted Google for the correct spelling/grammar, and it gave him the incorrect result ;)

Re:Useless Search Content (4, Informative)

Monkeedude1212 (1560403) | more than 3 years ago | (#34186384)

I'm not sure if this is relevant - but perhaps you should be using google Scholar for your academic research. It's possible that they segregrated what information you're looking for into that section.

But then again, maybe not - I don't know what kind of research you do (and I've never had a problem with springboarding with a Wikipedia article...)

Re:Useless Search Content (1)

interval1066 (668936) | more than 3 years ago | (#34186526)

"...perhaps you should be using google Scholar for your academic research."

Good point. And google code for code that may help that programming project. And so on (I don't know what other specific search pages google has, but there must be others.) Google.com is of course the premier page for advertisers, so using it to search is going to return some bad results skewed to whomever has paid google the most money. Fortunately has provided other tools.

Re:Malware/Spyware isn't the only problem... (0)

Anonymous Coward | more than 3 years ago | (#34186108)

Google and many other search engines have always been relying on algorithms, so at no point does any intelligence come into the results.

I think there should be a term for continually searching for specific things and getting millions of irrelevant resluts that include only 'part' of the search. It's a real drain on the will to live after an hour of following links and realising that it's not what you were after.

I think ant search provider should give more indication of the potential threats on all the sites it returns. I know Chrome warns you but Google should just implement this as the source so it works on all browsers. Or maybe MS should show they are more security aware and set this on on Bing?

Re:Malware/Spyware isn't the only problem... (0)

Anonymous Coward | more than 3 years ago | (#34187044)

I think ant search provider should [...]

Oh, that's how they do it? They send out ants over the tubes?

so at no point does any intelligence come into the results.

Ants are pretty smart. Not individually, but as a collective they solve the salesman problem better than any mathematician or computer. Makes me wonder why those Google ants are so lame.

Re:Malware/Spyware isn't the only problem... (4, Insightful)

TheGratefulNet (143330) | more than 3 years ago | (#34186122)

google totally sold out and lost their mojo.

I get link farm sites from the first page that SHOULD be weeded out. I search for tech things and get mostly 'buy this!' crap sites.

google chooses to do this. they could do better (they did, once) but now they are no better than any random search engine. worse since their UI is less direct and more junk oriented. we have seen google do a lot of auto-things (animation, auto scrolling of text ads, auto complete, auto-think!) and none of it is really welcomed by the user community.

its just what we all predicted. google would be a golden child for a few years but then it will fizzle out.

its ONLY because of habit that many people still use google. but they are not any better than the rest, these days, and their search seems like a paid service for all the wrong 'content suppliers' (I use that term very loosely).

I wish altavista was back. I miss the old days.

Re:Malware/Spyware isn't the only problem... (3, Insightful)

FudRucker (866063) | more than 3 years ago | (#34186432)

yup, now that Google has their namebrand recognition they dont give a damn anymore as if they left the office with their servers running on autopilot while they are all out vacationing while the revenue rolls in. typical of most companies = they start out with benevolent ideals and once the ball is rolling and the money starts pouring in then it all goes to heck while the owners go out and play rich guy.

Re:Malware/Spyware isn't the only problem... (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34186444)

The problem is that Google uses an algorythem to rank pages for search results. Originally this was superior to the "submit your site and we'll include it in our search" method because it removed bias. However over time people have reverse engineered that algorythem and so no the rank of your site is based on how well you optimize for that algorythem. The sites that spend the bulk of their effort having good content will this be disadvantaged over those that spend the bulk of their effort optimizing for search rank (typicly the later are ad sites or malware distribution sites).

Re:Malware/Spyware isn't the only problem... (2, Insightful)

Dishevel (1105119) | more than 3 years ago | (#34186562)

we have seen google do a lot of auto-things (animation, auto scrolling of text ads, auto complete, auto-think!) and none of it is really welcomed by the user community.

None of it is welcomed by you. Most of it can be turned off with a few clicks.

Google actually dose things fairly well compared to most companies. I can choose simple and clean or bleeding edge cool stuff. Never once have I searched for something Microsoft related and got the first 3 links pointing me to Googles competing products.

Google is not perfect and I would not trust them with my child but I trust them and like them more than Bing or Yahoo.

Re:Malware/Spyware isn't the only problem... (1)

16384 (21672) | more than 3 years ago | (#34186638)

Although I do agree that google seems to be on a descending path, the alternatives don't have an index as comprehensive. So, until then, you either accept sub-optimal results or you have to use google.

Re:Malware/Spyware isn't the only problem... (1)

delinear (991444) | more than 3 years ago | (#34186820)

I wouldn't say Google is about to fizzle out soon, but I totally agree that a lot of people stick with them now because either it's what they've always used (if they're new to the web) or there's nothing yet that reliably does things better. I'm at the point where, if a search engine that reliably directed me to more relevant information and away from ad/malware sites (and also identified when content was just straight copy-pasted between sites, so the first five results aren't the same question and responses being mirrored across different forums), I wouldn't have any qualms about switching. They're becoming complacent, and polishing the existing offering with largely irrelevant bells and whistles is not the same as improving the underlying offering.

Re:Malware/Spyware isn't the only problem... (2, Interesting)

Jugalator (259273) | more than 3 years ago | (#34186140)

Yes, I think I've seen the same thing. And either Google is very silent about their search engine updates besides the visuals, or they're doing very little to combat the problem. All I seem to hear is efforts to let you get the results faster (the latest ideas being "Instant Search" and "Instant Previews"), although I can't say I'm having trouble with Google being sluggish. The fake blogs or forum scrapers, on the other hand...

I understand that it's hard to differentiate carefully crafted fake sites from real ones with algorithms, but come on -- there are well-known domains only using scraped stuff out there... Block the entire domains, Google. It's your private index and you decide who should be there. Or at least hide them, if you don't want to look like a censorship organization. Smaller-sized text with the message: "This link is temporarily hidden due to excessive search engine index manipulation in the time period XXX to YYY. It will be shown again on ZZZ. Click to view."

Re:Malware/Spyware isn't the only problem... (4, Insightful)

Trepidity (597) | more than 3 years ago | (#34186184)

The main thing saving Google's ass these days is that 90% of the time they can just throw up a Wikipedia result in the top-5, and usually that's good enough.

Re:Malware/Spyware isn't the only problem... (1)

nedlohs (1335013) | more than 3 years ago | (#34186190)

Looking for directions? Mapquest. Google maps has gotten me lost on countless occasions. (By doing such things as telling me to get off a highway by crossing the meridian, and exiting on the onramp for the opposite direction.)

I guess if the road is going North/South you are going to have to cross a meridian to turn off at some point...

Re:Malware/Spyware isn't the only problem... (1)

drunkennewfiemidget (712572) | more than 3 years ago | (#34186946)

I'm talking about controlled access highways.

In Ontario, we have a series of highways called the 400-series highway. The busiest being the 401.

I was driving on the 401 to check out a house my parents were considering buying, and they wanted my input.

So I typed in the address into google maps, and printed the resulting directions.

Google's directions had me crossing the meridian, driving the wrong way on the divided highway for ~40m, and then taking the off-ramp in the other direction, instead of the correct way, which is to take the same exit on my side of the highway, and stay right at the fork.

Naturally, it's fixed by now, but at the time, like all big companies, finding a way to tell somebody at google what it was doing was stupid and potentially unsafe was damned near impossible. I was just met with 30 pages whose obvious sole job was to prevent me from getting a real form to type a message to a real human being.

Despite crawling through loops to help them improve THEIR service, I got a generic, form letter response, and the issue wasn't fixed until some time later.

Re:Malware/Spyware isn't the only problem... (1)

The Moof (859402) | more than 3 years ago | (#34186962)

That would make interstate driving very interesting...

Re:Malware/Spyware isn't the only problem... (1)

tibman (623933) | more than 3 years ago | (#34186286)

I think you are right.. the results have been going down lately. Many times when i search for something the first few links are just sites that say the phrase i searched for in the middle of an advert page.

It's like the old web again.. in a way. Its difficult to find the things you want.. but when you do find a site that works, you mentally bookmark it and just direct type it next time. When i want to buy something i go straight to amazon and ebay. Screw searching because i end up in a maze of advertisements and review sites and nobody is actually selling anything (and looks legit).

Re:Malware/Spyware isn't the only problem... (0)

Anonymous Coward | more than 3 years ago | (#34186350)

enwp.org/ = en.wikipedia.org/wiki/
Just btw.

Re:Malware/Spyware isn't the only problem... (0, Redundant)

melikamp (631205) | more than 3 years ago | (#34186420)

IMHO, the trash in the Google search is mostly due to spammers: the people who game the page-rank. I agree with eldavojohn: everyone is doing it these days, and the "news" sites are especially notorious. The line is very blurry. I know a dude who works for gather.com, and they are doing it by inserting "keywords" into their news articles. This is not the same as using a botnet to generate traffic, but the goal is the same.

May be the future of search is Bayesian filtering? It is doable even right now: have a local program load 1000 or so Google hits and unleash on them your own personal filter. Everyone heard about spam/ham filtering, but the math and the algorithm extend naturally to any finite number of categories, so a user can create categories such as "spam", "science", "shopping", "blog", "porn", train the filter, and enjoy truly personalized search results. Google is obviously loosing to rank gamers, they are way too smart and too quick to adapt. But a personal Bayesian filter could take the raw index with 90% spam and select results relevant to YOU, while slashing the amount of spam by a couple of orders of magnitude.

My Thunderbird filter works like a charm: in the last year I've had 1 (one) false positive and what feels like less than 5% of false negatives. I think it will work just great on Web pages.

Re:Malware/Spyware isn't the only problem... (2, Informative)

curveclimber (17352) | more than 3 years ago | (#34186454)

It's not just you. I remember when I first started using google and how amazingly appropriate its results were if you knew the right search terms. Now days I'm surprised more that it does so poorly on what seems like straightforward searches.

Why is this? SEO must be part. But I also know if anything I'm looking for is even slightly related to a product, forget it, you get pages and pages of shopping results. I too, have to result on my memory and knowledge of where to look for certain things more and more.

Re:Malware/Spyware isn't the only problem... (3, Interesting)

melikamp (631205) | more than 3 years ago | (#34186550)

IMHO, the trash in the Google search is mostly due to spammers: the people who game the page-rank. I agree with eldavojohn: everyone is doing it these days, and the "news" sites are especially notorious. The line is very blurry. I know a dude who works for gather.com, and they are doing it by inserting "keywords" into their news articles. This is not the same as using a botnet to generate traffic, but the goal is the same.

May be the future of search is Bayesian filtering? It is doable even right now: have a local program load 1000 or so Google hits and unleash on them your own personal filter. Everyone heard about spam/ham filtering, but the math and the algorithm extend naturally to any finite number of categories, so a user can create categories such as "spam", "science", "shopping", "blog", "porn", train the filter, and enjoy truly personalized search results. Google is obviously loosing to rank gamers, they are way too smart and too quick to adapt. But a personal Bayesian filter could take the raw index with 90% spam and select results relevant to YOU, while slashing the amount of spam by a couple of orders of magnitude.

My Thunderbird filter works like a charm: in the last year I've had 1 (one) false positive and what feels like less than 5% of false negatives. I think it will work just great on Web pages.

Um, I am resubmitting this, since it's not appearing. Sorry if it's a dupe.

Re:Malware/Spyware isn't the only problem... (1)

couchslug (175151) | more than 3 years ago | (#34186616)

"I search for a linux issue I'm having, the only hits I get are ubuntu users in 2004."

It's not just you, things have changed for the worse, and it's disturbing.

Proficient Linux users will know to visit appropriate forums, but noobs will have a worse time.

Re:Malware/Spyware isn't the only problem... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34186792)

The strangest thing is how the number of Google search results per search phrase has decreased. Often when I try to get back to a specific webpage but can't find it in history, I google part of the page title or text. This used to work more often than not, now it doesn't. And Google doesn't even respect the + operator any more. It tries to "spell correct" all words (replace by more popular neighbors) even when I explicitly tell it not to. They got it backwards. Rare words in queries should be boosted because finding them by other means is more difficult. Frequent words in queries should be given less weight. And please, Google, don't be so patronizing. Just look for what I entered. If I misspelled it, that's my problem.

Re:Malware/Spyware isn't the only problem... (0)

Anonymous Coward | more than 3 years ago | (#34186866)

you mean you don't use the advanced search features in google? I tend to limit my searches to the last year so I don't get outdated responses using older technology....

But that just begs the question then... (1)

Pollux (102520) | more than 3 years ago | (#34187000)

I've found that google's search results have gotten progressively more useless over the last 2-3 years.

So, what's better than Google?

I mean, back in the late 90's, I encouraged everyone to go to Google at the time, because it was so much better than the competition: Yahoo, Excite, Lycos, AltaVista...they all paled in comparison to the accuracy of Google.

But now, is there anything better than Google? Or is it just like the airlines, where there's no "best option" because everything is terrible.

Re:Malware/Spyware isn't the only problem... (1)

phorm (591458) | more than 3 years ago | (#34187052)

the only hits I get are ubuntu users in 2004.

I've found this in many cases. However in many cases it also seems that the issue is more that there are long-term issues without a proper fix that are *still* around years later (or have even got worse, for example pulseaudio issues).

Search engine rankings for legitimate sites (4, Insightful)

Compaqt (1758360) | more than 3 years ago | (#34185878)

The annoying thing is when sites that have legitimate and interesting content are ranked nowhere near the spammers.

Many legitimate and useful sites are far and few between. You have to bookmark them because it's doubtful you'll find them again with Google (page 20 or something).

Re:Search engine rankings for legitimate sites (4, Insightful)

dkleinsc (563838) | more than 3 years ago | (#34186218)

This sounds like a very very familiar discussion. Specifically, we had this exact same problem about 10-15 years ago when search spammers had learned how to game results on Yahoo and AltaVista with stupid meta tags and repeating the same words over and over to increase their ranking.

Google figured out a way to get around that problem, which produced a massively better search engine. It sounds like the search spammers are now figuring out how to game the Google results, so in another year or two we'll be right back in the big mess that Internet search used to be.

Re:Search engine rankings for legitimate sites (4, Insightful)

Trepidity (597) | more than 3 years ago | (#34186228)

I think PageRank is ultimately some of the problem, though I hear they've been de-emphasizing it (but it hasn't fixed my searches). When I search for band lyrics, I want the lovingly crafted fan site that's been accumulating information on that band for the past 10 years. When I search for reviews, I want that site too. I don't want mp3lyrics.com for lyrics or allmusic.com for reviews or whatever. But the problem is that each of the good fan sites is a separate entity (which is one reason they're good): one's at joydiv.org, another one's off some person's university webspace, another one's on free hosting somewhere, yet another one's at brainwashed.com or synthpunk.org or whatever. So they each rank lower than mp3lyrics.com or allmusic.com, which have mediocre info for every band on the planet tucked away under their single pagerank unit.

Same with non-music stuff. You're never going to find the person with a great page on blueberry pies; instead you'll get a recipe from eHow.

Re:Search engine rankings for legitimate sites (3, Interesting)

theskipper (461997) | more than 3 years ago | (#34187154)

Speaking of ehow (Demand Media), here's a great article about how they're junking up the SERPs. It's not just small time link farms, it's industrial strength pollution backed by hundreds of millions of dollars.

http://www.wired.com/magazine/2009/10/ff_demandmedia/ [wired.com]

Google is going to need to take a firm stand. And they most likely want to do it desperately now that there's some real competition. But it's a tough nut to crack and they certainly don't want to upset their applecart (i.e. ad revenues).

Re:Search engine rankings for legitimate sites (1)

dargaud (518470) | more than 3 years ago | (#34186324)

The annoying thing is when sites that have legitimate and interesting content are ranked nowhere near the spammers.

And there are some strangenesses: I found a site I was looking for with very unique keywords: 210th out of 231 results on Google. A friends with a different browser and location: 3rd ! It should have simply been number one since it's the reference for those specific keywords (the name of the company and its field of expertise, the others were just mentioning them).

Re:Search engine rankings for legitimate sites (1)

delinear (991444) | more than 3 years ago | (#34186978)

Apparently ranking is now meant to take your previous searches into account, which might account for the difference, but I know what you mean, I've searched for very specific OS error messages before and found the first page that actually contained the full unique string was not always the first result returned, and was sometimes not even on the first page of results. Of course I can enclose it in quotes for an exact match, but that relies on the person who typed it up getting it exactly right, and besides, a 20-30 word error should be enough to bring me back relevant results at the top of the first page.

Re:Search engine rankings for legitimate sites (1, Informative)

Anonymous Coward | more than 3 years ago | (#34187102)

There are some that are not even spammers, yet useless information, and they are ranked pretty high.

Last time I googled myself (I have a fairly common name), I found on the first page a result from a page "CreateDebate" titled: is name a douche? - CreateDebate

The "debate" if you can call it that, started from a high school kid, has no details on what person he's talking about. So people, just come to the forum and say "yes, name is a douche", "no, name is not a douche" or "what name are you talking about?".

If by repeating the name over an over, the ranking goes up. Then a retarded forum of people repeating a single name, goes up really fast.

Re:Search engine rankings for legitimate sites (-1, Redundant)

Anonymous Coward | more than 3 years ago | (#34187212)

There are some that are not even spammers, yet useless information, and they are ranked pretty high.

Last time I googled myself (I have a fairly common name), I found on the first page a result from a page "CreateDebate" titled: is name a douche? - CreateDebate

The "debate" if you can call it that, started from a high school kid, has no details on what person he's talking about. So people, just come to the forum and say "yes, name is a douche", "no, name is not a douche" or "what name are you talking about?".

If by repeating the name over an over, the ranking goes up. Then a ridiculous forum of people repeating a single name, goes up really fast.

A serious question here... (0)

pongo000 (97357) | more than 3 years ago | (#34185900)

...but is it really possible to be exploited by clicking on a link? Can someone show some concrete examples of this? I'm not interested in "possible" exploits, but something in the wild that can infect a box running the latest versions of Firefox, AdBlock and NoScript?

I just simply find it all too difficult to believe. If there are really browsers running around out there with security holes as big as Peterbilt trucks, shouldn't they be tagged as "enemies of the state"? Or is all this just so much hype?

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186032)

If someone wanted to and targeted you specifically, it pretty much possible. All one needs to do is find a bug in noscript (buffer overflows anyone?) and use it to escalate into an FF bug and they are done. And no, currently I have not seen any worms targeting noscript users, because the user base is pretty low (and there is plenty of low hanging fruits). Just because there are no such mass targeted worms, doesnt mean that you are safe.

And trust me this is not complicated, and you should definitely take this off your too difficult to believe list.

Re:A serious question here... (1)

astar (203020) | more than 3 years ago | (#34186406)

I have started a little project to see if I can eliminate problems with drive-by binary drops and about anything dependent on binary code. It actually looks straightforward, but only useful for someone who actually is concerned. It looks pretty doable for any of us to put together from a fpga a low end armish thing with a randomized opcode set. At the moment, I am just trying for a standard armish thing, with no randomization. As far as I can tell, this segment is just system administration skills. A little code to randomize the opcodes in the verilog and rerinse. Then a little programming to get the tool chain. Then some sort of magic bootstrapping and spend a couple weeks compiling what you need. If the opcode set is unique, then security through obscurity might be workable. So you might end up with a pretty secure appliance at least. Wait ten years and the fpga performance might come up. Note that the last time I dealt with hardware, transistors were all discrete devices. Thus it would seem if I could do the first segment I referenced, pretty much anyone could if they wanted to. Does not really cost much. A few hundred USD and some time.

If you could actually bootstrap the tool chain very transparently and deal with physical security, then you might manage to have a trusted computer, at least for a bit. That is a bigger problem of course.

Re:A serious question here... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34186048)

that's like asking if carjacking works on armored cars, when most people drive mopeds...

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186070)

I just simply find it all too difficult to believe.

LOL, you've never seen a bug report for Firefox regarding driveby exploits? Gee, a casual search reveals one that was just patched on 28th October
that affected 3.6.11

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765

https://bugzilla.mozilla.org/show_bug.cgi?id=607222

If we had to trumpet each and every vulnerability that Firefox ever had (like this site does for IE and Safari) most fanboys here would stop thinking it was so "secure". FF security is an illusion created by uninformed OSS zealots. Chrome FTW.

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186422)

Ohh yeah if I had to trumpet each and every Chrome vulnerability, most fanbois like you will stop thinking its so secure. Chrome security is an illusion created by OSS zealots too. IE for the win.

On a more serious note, all software have bugs in them. Its how quickly they get fixed that matters. I consider and chrome and FF to be on par considering the time to fix.

And to GP, do you have Flash, Acrobat PDF plugin, Realplay, Quicktime plugins or any plugins at all for the matter. If so its pretty simple to pown you.

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186132)

Do you have Flash?

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186160)

...but is it really possible to be exploited by clicking on a link? Can someone show some concrete examples of this?

This is the perfect time to reply back with a goat.cx link. Be prepared to feel "exploited" by clicking that link!

SECUNIA.COM can tell you that type of info. (1, Informative)

Anonymous Coward | more than 3 years ago | (#34186256)

http://secunia.com/advisories/ [secunia.com] and go there and look up your favorite webbrowser or Operating System (or even an app like Adobe Acrobat Reader), & see the lists of security advisories (and especially the UNPATCHED ones). They explain exploits in pretty good detail (could be better though, & more technical imo but I don't think they put up TOO EXACT of information because others can use that for even more crap against others I'd imagine is why), and, how they can be used against you. Sometimes though, there are "work-arounds" recommended even for these known & unpatched security advisories though (some are sort of hokey, e.g.-> "do not open untrusted files" being one example).

One thing you'll probably note though is the sheer amount of exploits that involve javascript exploits over time especially. That's usually the main tool I have seen that is used against users online in say, maliciously scripted webpages or even poisoned ad banners (yes, believe-it-or-not, especially if you haven't heard of that happening before? It happens also, and more than just a few times now for the past 4-5 yrs. in fact).

As to the addons like NoScript or AdBlock? Well, they're programmed themselves and may even bear issues/known security vulnerabilities themselves, so look into that too. That's the 1 problem with complex systems like computer programs of any appreciable relative size: Possible bugs in the way of exploitable code mistakes, and they do happen as well and might be something to also research on your part if you're concerned on this note also.

Now, on the note of maliciously scripted websites? This may help http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] because that is why, in large part, those folks make their custom HOSTS file for: To protect users against known bad sites online.

A good read on much of this is also here, in detail, from Mr. Dancho Danchev (3 yrs. worth of it in fact) as well:

http://ddanchev.blogspot.com/ [blogspot.com]

For the past 3++ yrs. now that security researcher's done a great deal of very in-depth reporting on what you're looking for in fact - sites that are KNOWN to try to "hose your computer".

APK

P.S.=> Enjoy... I think that covers a good deal of ground here for you, per your request... apk

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186280)

well, it's not an infection, but if you're running firefox, try:

https://bugzilla.mozilla.org/attachment.cgi?id=461339 [mozilla.org]

Re:A serious question here... (0)

Anonymous Coward | more than 3 years ago | (#34186764)

In theory, yes, but for all practical purposes, no. If you disable scripts and flash by default (as I'm sure almost everyone in the world has learned by 2010 they should be doing - right???), your chance of being exploited are *really* small.

The people getting jacked are the ones driving Ferraris into the worst parts of town, parking them on the street unlocked with the keys in the ignition, and then wondering why it isn't there when they get back a few hours later. In other words, the idiots the tubes would be better off without to begin with.

Re:A serious question here... (1)

delinear (991444) | more than 3 years ago | (#34187074)

There have been plenty of live exploits in the last few years, but as I'm sure you're fully aware, the vast majority of people are not running FF+AdBlock+NoScript. Nor would they even if they knew what that was, since most people want all the flashy stuff that drives us geeks mad. I know. The story is still relevant, since even if you're in no danger of being infected, you're still suffering from having junk search results returned.

Google Can Ban Sites, So... (2, Insightful)

BoRegardless (721219) | more than 3 years ago | (#34186148)

If you abuse Google by deliberately manipulating to get high page results and they knock you out, then why can't Google permanently knock out the same 22.4% of the search result sites that host malware? That would END most users being able to come into contact with the criminally minded in that form of scam.

Re:Google Can Ban Sites, So... (3, Interesting)

Antony T Curtis (89990) | more than 3 years ago | (#34186262)

Probably because malware organisations have discovered an ancient and dark evil who would further their cause ... for a price.

They're called: Lawyers.

Re:Google Can Ban Sites, So... (1)

IBBoard (1128019) | more than 3 years ago | (#34187210)

They also have co-conspirators: Cheap Domain Sales (previously Domain Tasting, but I think they cut down on that). You can't kill an IP because you may take innocents with it (and a domain would just shift to another IP) and you can't kill a domain because they'll just buy another domain for a few days.

Just wait until we have to play whack-a-mole with IPv6 spammers - now there's a huge range to try blocking via blacklists!

Re:Google Can Ban Sites, So... (1)

Anpheus (908711) | more than 3 years ago | (#34186292)

Often those sites are unwitting hosts to malware that are eventually cleaned up, so I'd hope that they don't start permanently blocking.

I have noticed this quite a bit (1)

WiglyWorm (1139035) | more than 3 years ago | (#34186154)

Almost always when searching for breaking news, the top results are complete spam and malware.

Google Instant (1)

sottitron (923868) | more than 3 years ago | (#34186198)

I wonder if Google Instant will soon compound this problem. Once you're apt to see a tidbit of a result and quickly click through, that would be quite the prime target for this type of attack.

Post search results (1)

Drakkenmensch (1255800) | more than 3 years ago | (#34186222)

Post contents - Trusted download - [CLICK HERE]

Post contents - Full download - [CLICK HERE]

Post contents - Key generator - [CLICK HERE]

Post contents - torrent link - [CLICK HERE]

Re:Post search results (1)

zwei2stein (782480) | more than 3 years ago | (#34186472)

You know, it is actually awesome way to fight casual piracy.

After three pages of rebranded "Post contents - HD Download - [CLICK HERE], Post contents - Fast Download - [CLICK HERE]" link nests most people will simply give up before finding site with actual downloads

Re:Post search results (1)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#34186916)

All your Post contents FREE--Click here for free subscription.

Additional quality raters? (1)

adachan (543372) | more than 3 years ago | (#34186266)

Rather than pay current employees more per hour or per year, maybe Google should have hired more quality raters to help filter the results.

in my experience, not as bad as Bing (2, Informative)

ynohoo (234463) | more than 3 years ago | (#34186282)

Just yesterday I wanted to download VLC media player. Top link on Bing: repackaged with junk seach engine and crapware newsletters. Top link on Google: the home site which linked to the sourceforge download. Of course Microsoft could be doing that on purpose for Open Source software...

Re:in my experience, not as bad as Bing (1)

amentajo (1199437) | more than 3 years ago | (#34186680)

Just now, I searched, and it isn't [bing.com] .

What are they searching for? (3, Insightful)

sudnshok (136477) | more than 3 years ago | (#34186294)

The article is not clear what search terms produced 22% malicious URLs. That seems like a high number to me. If you search for "photoshop crack" or "keygen" you're going to get WAY more malware than searching for "fuzzy bunnies".

While I agree that more spam and malware sites have gotten into Google listings, I don't think the problem is quite as dire as the article makes it seem for the typical Google user.

Re:What are they searching for? (2, Interesting)

TheGratefulNet (143330) | more than 3 years ago | (#34186412)

google thinks the ONLY valid reason for the web is to let us 'shop for things'. sorry but I do a lot of tech searches (looking for code fragments or schematics or HOWTOs) and more often than not, the first FEW pages are ads to sell me something.

we need a front-end to google to keep google honest. there have been front-ends, too, but google found out and stopped it (usually).

Re:What are they searching for? (1)

sjwest (948274) | more than 3 years ago | (#34186704)

Phantom content is still phanton content suppose i pretend to search for 'bing crosby show s99e09' - series 99 episode 9 and i bet i would get five + pages of google telling me I can find said episode on a website which never existed in real life.

Other examples include experts-exchange who use this technique - so i have to filter results from useless sites with pretend content.

Our website have pitiful google page ranking, but since seo consultants seem to be surprised its so shit and offer to 'help' the fact that they can find us proves theres more to searching than google.

Re:What are they searching for? (2, Informative)

whoop (194) | more than 3 years ago | (#34186790)

No, it's not 22% of search results, but 22% of searches made which contain a malicious URL somewhere in the top 100 search results. Like anyone goes all the way through to 100 results.

Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results

Fear mongering. That is all.

Re:What are they searching for? (1)

drcheap (1897540) | more than 3 years ago | (#34186892)

That's what I was thinking -- 22.4% is a huge number.

But then I recalled that the most popular searches have to do with pr0n. Perhaps those sites are the malware havens which are poisoning the seo poisoning statistics?

Who browses 100 results? (1)

Dalzhim (1588707) | more than 3 years ago | (#34186362)

I rarely go past the first page of results (which means 10 results in my case). I don't really care about malware that makes it to the first 20-30 results.

Re:Who browses 100 results? (1)

countertrolling (1585477) | more than 3 years ago | (#34186572)

Who browses 100 results?

I do.. The first bunch of hits when searching for drivers are pure spam or behind a paywall. I'd rather have everything show up on one page. It comes up just as fast.

Re:Who browses 100 results? (0)

Anonymous Coward | more than 3 years ago | (#34186998)

Quite often, I browse to 100 or more results because so many of the results are links to other search engines or are repeated content that Google has not realized are duplicates, e.g. Usenet or listserv postings converted into various bulletin board formats. Does anyone know how to flag results as links to other search engines or how to phrase queries to eliminate such results?

i got a virus from youtube the other day (2, Funny)

alen (225700) | more than 3 years ago | (#34186400)

clicked a real ad on youtube for a Mario Bros game because my 3 year old was interested. installed it and then Symanted popped up a warning that it was a trojan

Forums n blogs (0)

Anonymous Coward | more than 3 years ago | (#34186434)

There should be a way to search specifically just forums across the net, and/or blogs and not get any other results

That's funny (2, Insightful)

countertrolling (1585477) | more than 3 years ago | (#34186486)

I've seen a couple of Slashdot journal writers who try to manipulate SEOs and page hits by getting to get you to click through their media merchandising blogs if you want to see the story they are journaling about. They should be marked as spam, because that is what they are.

That's funny (1)

countertrolling (1585477) | more than 3 years ago | (#34186530)

've seen a couple of Slashdot journal writers who try to manipulate SEOs and page hits by getting to get you to click through their media merchandising blogs if you want to see the story they are journaling about. They should be marked as spam, because that is what they are.

Hmm... really? (2, Insightful)

rickb928 (945187) | more than 3 years ago | (#34186574)

Really?

I rarely bother with results beyond the first 20 or so. IF I have to dig deeper, either I munged the search terms, or I'm digging for a specific item I couldn't build a specific search for. Either way, I'm wondering how what percentage of search returns in the first, say, 30, were malware.

And I wonder about the definition of 'malware'. But let's trust that.

How about a small effort, along the way, to clean up the fake links? If I search for a term that even tangentially matches a product, I get search results that invariably include Bizrate and other so-called shopping or pricing sites. And sure enough, Bizrate in particular has an actual product listing about 20% of the time for me. The rest of the time, it did the SEO thing to make it look like it had a listing, when all I get is a 'we don't have any right now, but how about these?' or 'come back later'. Argh. Abuse. Perhaps fraud. I hate them so much I ignore them even if they DO have the product.

Google doesn't care, though. They get paid anyways.

Feh.

slash missing (0)

Anonymous Coward | more than 3 years ago | (#34186604)

should read:
search engine optimization/poisoning

SEO is poison. It's a collection of techniques to poison search results by hacking page ranking algorithms to make irrelevant pages appear relevant. Whether those pages consist of ads or other malware is secondary.

Link moderation (1)

hey0you0guy (1003040) | more than 3 years ago | (#34186914)

It is too bad that there is no easy way to moderate the links that are returned. Sort of a "Is this relevant to your search" voting system that would, over time, filter out junk results. Unfortunately this probably isn't feasible since bots could just spam the YES button over and over again.

JS:DR (3, Interesting)

PPH (736903) | more than 3 years ago | (#34187234)

Article requires JavaScript: Didn't read.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?