Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Updated 18:50 EST with comment from Google.

The royal wedding came off without a hitch. Unfortunately, the same can’t be said about online searches for news and images related to the event. Google Image searches for “royal wedding coverage” yesterday—which Google said was the number one U.S. search term for a time—led users to a number of websites doling out malicious software.  

At one point, clicking one of the images under “royal wedding coverage” led users to a common scam—bogus warnings of a computer infection. The embedded video, produced by researchers at StopBadware, shows how a common search could trick  users into “purchasing” what is really a nonexistent security solution—and a related blog post provides a detailed analysis of how it all worked.


This particular scam has defied all industry efforts to defeat it in the past several years. While its main aim is to steal money and credit card numbers (the scammers, many of whom are based in Eastern Europe, have found it very profitable), it is often accompanied by less visible attacks that aim to do things like install password-stealing programs via security holes in the user’s computer.

When I clicked the image identified by the group—of Princess Diana—the security scam vomited across my screen, defying not only Google but the up-to-date ESET antivirus protection on Technology Review’s computers. (Indeed, StopBadware’s analysis today found that most security products could not detect this attack.)

This scam program surfaces in many contexts, including links spreading on social-networking sites and through advertisements. In these cases it is hosted on malicious websites (or hacked pages of legitimate websites) that users land on through the “poisoned” search results. Malware scammers often hack into legitimate websites and add a page full of “bait”—lists of terms that people might be searching for. Then they link that hacked page with hundreds or thousands of other hacked pages—or with new pages of their own creation. This strategy can sometimes fool search engines.

Have you been hit by this ubiquitous scam?  If so, please add to the comment string and briefly explain what happened. I may get in touch with you to find out more.

Google responded to a question about the royal search incident with this statement:  “Google can respond quickly to new threats like these because utilizing popular search terms and events to lure users into visiting malicious web pages is not new. We’ve looked at these issues closely and work hard to protect our users from malware. We actively work to detect and flag sites that serve malware, keeping on top of the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies. We’re always exploring new ways to identify and eliminate malicious sites from our index.”

2 comments. Share your thoughts »

Tagged: Computing, Web, search, hackers, malware, virus, computer virus

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me