There's an increasingly insidious approach to driving up the rankings of search results of Web pages poisoned by malware.
According to Chris Larsen, a security expert with Blue Coat Systems, social networks and Web sites that have forums that are not actively maintained have become unwitting accomplices in the distribution of malware. Malware providers are creating thousands of accounts on these sites using false names. These fictitious users then all create a multitude of posts that include links back to a site containing the malware that cyber criminals want to distribute. Because all these links appear legitimate to a search engine, the site containing the malware gets a higher page ranking from the search engine companies. The higher the ranking, the higher the malware page shows up when someone searches on the term that the malware provider is promoting.
There's nothing particularly innovative about this link farm approach to malware distribution. But it does beg the question: Who should be responsible for making sure search results do not get poisoned in this manner? Obviously, the owner of the site has responsibility to clean up its forums. But companies that assign ranks to Web sites should also bear some of the responsibility.
Larsen says he doubts that even Google has all the processing capabilities needed to thwart search engine poisoning. If it did, he reasons it would have done something by now. There may, of course, come a day when search engine providers punish the owners of these forum sites for essentially abandoning them to malware distributors by lowering the page ranks of their other online properties.
But until something like that takes place or search engine providers figure out how to technically solve the problem, Larsen fears we're just seeing the beginning of this method of malware distribution.