Google Hot Search topics are helping to identify malicious websites and signatures, says SonicWall.
Under a month-old trial project that may become part of the routine malware search, the malicious code research team regularly finds infected sites among the top 100 returned by Google's real-time search engine for those Hot Search topics, says Nick Bilogorskiy, the manager of the team.
Last week, he found search returns for 'Jordan Hicks announcement' (about a high-school American football player) that led to malicious sites, and he expected that soon there would be one for 'bank of America website down' (because the bank's website was out of commission most of the day), both of which were then on the Hot Searches list.
The project tracks those Google Search keywords that are trending, captures the top 100 or so results and runs an algorithm on them seeking suspicious sites.
Bilogorskiy checks them manually to find out if the suspicious sites actually lead to malware. "We get some false positives," he says.
Most of the malware he encounters redirects users to fake antivirus sites that pretend to discover malware on the user's computer and offer to sell antivirus software that will clean it up.
In most cases, Bilogorskiy says, the users are redirected only if they click on the Google Search link to the site. If the URL for the site is typed in, there is no redirection to the malware site, he says.
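The behaviour described above, where a site redirects only visitors who arrive from a search result, can be checked by comparing two captures of the same URL. The following is an added example, not SonicWall's algorithm or code from the article; the captures, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Matches <meta http-equiv="refresh" content="0; url=..."> in a page body.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.IGNORECASE)

def redirect_target(url, response):
    """Absolute URL a captured (status, headers, body) sends the browser to, or None."""
    status, headers, body = response
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if 300 <= status < 400 and location:
        return urljoin(url, location)
    match = META_REFRESH.search(body)
    return urljoin(url, match.group(1)) if match else None

def is_referrer_cloaked(url, direct, via_search):
    """True when only the search-referred capture redirects to another host."""
    origin = urlparse(url).hostname
    def off_site(response):
        target = redirect_target(url, response)
        return target is not None and urlparse(target).hostname != origin
    return off_site(via_search) and not off_site(direct)

def scan(captures):
    """Return the URLs whose paired captures show referrer-conditional redirection."""
    return sorted(u for u, (d, s) in captures.items() if is_referrer_cloaked(u, d, s))

# Constructed captures: URL -> (fetched with no Referer, fetched with a search-result Referer).
PAGE = "<html><body>Local sports news</body></html>"
REFRESH = '<meta http-equiv="refresh" content="0; url=http://scanner.example.net/scan">'
CAPTURES = {
    "http://news.example.org/story": ((200, {}, PAGE), (200, {}, PAGE)),
    "http://blog.example.org/post": (
        (200, {}, PAGE), (302, {"Location": "http://av-alert.example.net/"}, "")),
    "http://forum.example.org/t/1": ((200, {}, PAGE), (200, {}, REFRESH)),
    "http://short.example.org/x": (   # redirects everyone: not cloaking
        (301, {"Location": "http://dest.example.com/"}, ""),
        (301, {"Location": "http://dest.example.com/"}, "")),
    "http://shop.example.org/item": ((200, {}, PAGE), (302, {"location": "/item?ref=s"}, "")),
}

if __name__ == "__main__":
    for url in scan(CAPTURES):
        print("referrer-cloaked redirect:", url)
```

A flagged URL is only a candidate: as the article notes, suspicious results still need a manual check to confirm they lead to malware.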
SonicWall sells its own antivirus and antimalware software, and after encountering sites that spread malware, the malware team finds signatures to block the malware itself and will also block access to those URLs, he says.
Bilogorskiy writes about infected sites on his Twitter account, but says he doesn't post the URLs in his tweets so his curious followers don't go there and get their computers infected.
He says part of the project is following up on the infected sites returned by Hot Search to see how long they remain among the top 100.
Google cleans up the list itself, but infected sites often linger for several hours after Bilogorskiy finds them.
"I'll see 18 malware results in the top 100 and run it again three hours later and it would be 10, and run it again and there are no malware results," he says.
In one case, the term 'buy nexus one' returned malware sites for two weeks, he says.
He came up with the idea to use Hot Search as a detection tool in November.