Cybercriminals use fake search engines to spread malware

Security researchers say fake search engines are showing up in Google search results and lead to Web sites hosting malware.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they're also creating fake search engines that are showing up in Google search results, according to a PandaLabs blog posting.

When people use the engines to search for popular terms, like "flu statistics," the results displayed redirect to porn sites that purport to show video but require the visitor to install what they say is the latest version of a video player but which instead is malware, the post said. Searching on the fake search engines for security topics leads to fake antivirus sites, PandaLabs said.

One of the fake search engines has received about 195,000 visits, according to the post.

Web surfers should use reputable search sites to protect themselves, PandaLabs recommends.

This screenshot shows results on a fake search engine that redirects visitors to sites hosting malware, according to PandaLabs. PandaLabs