February 18, 2013
Dangers and Risks Involved with Internet Image Searches
Looking for what's hot today? Curious to place a face with a celebrity named in a story? Odds are, many of you will be clicking on a Google Image to get the story. Image searches are popular, and have also opened the door for a new trend used by cybercriminals to inject malware onto users' machines.
Millions of users utilize search engines such as Google and Bing every day, scouring the Internet for the latest images involving today's top stories, celebrities and trending topics. However, most computer users are completely unaware of the threats posed by seemingly harmless image searches. You may want to ask yourself: when was the last time you verified a website was safe before clicking on the image for viewing?
What's the threat?
While you may feel that you're the only one searching the Internet for images of the hottest news, etc., attackers are also observing and recording what's popular and are rapidly polluting the Internet with their own (maliciously-embedded) images matching these popular image searches. These misleading images are then hosted on maliciously crafted websites that have been optimized to rank higher in image searches in ways that are disapproved of by search engines and usually involve deception, a process known as Black Hat SEO.
Below is an example of the top image searches for today according to the search engine Bing:
What happens when a computer user clicks on one of these images?
When a user searches for an image, sees a 'high ranking', suitable image (hosted on a malicious website) that matches their search criteria and clicks it, the user is redirected to the infected website to download the image, thus injecting malware into their system. Thirtyseven4 has observed that even the most Internet-savvy individuals are falling victim to this latest tactic.
In the case of a Google search, the website stays hidden behind the image.
There is an option on the side that allows the user to "Visit page", but most people do not bother visiting the website before saving the image locally.
Bing handles the situation slightly better because the user can scroll down to see the full website. But again, this is something that very few people actively do.
Tips to avoid getting infected by image searches:
1. Always check the website that hosts the image you are downloading. Visit the page to view it properly.
2. Gain a better understanding of how image searches work.
a. Opening an image in a new tab from the search results page is the same as visiting the website.
b. Malicious websites often use SEO techniques (as explained above) to manipulate search results, so remember that if a website appears at the top of a search results page, it doesn't necessarily mean that it is a legitimate website.
3. Verify that your web browser, operating system and other programs are fully updated with the latest security patches and fixes.
4. Update your virus protection software regularly. Thirtyseven4 products also provide browsing protection that proactively blocks unsafe domains, IP addresses, etc. from being displayed.
We all want to know what's hot, but Thirtyseven4 wants to caution you not to get burned. Be aware of what you are clicking on, and keep your antivirus protection current!