Should Google Be Doing More to Keep Us Safe?
I don’t know about you, but from my vantage point the signs of some virus/malware/bad guy troubles are everywhere. The first whiff came from a note sent by Avast!, a free (for basic protection) anti-virus program with a large user base.
The company cautioned that malware gangs have become adept users of SEO (Search Engine Optimization). SEO is the science/art of trying to get certain listings to appear higher up on search results pages than others. Since most people tend to click on one of the top of the list search terms, the higher your ranking on the page, the more likely it is you’ll be discovered. Quicker discovery leads to increased traffic to your page.
Let’s say Dave Graveline’s newsletter is ranked higher on a search engine like Google than Dave Graveline’s Auto Repair site. The benefit to our Dave Graveline is that he gets more clicks because his page rank would be closer to the top of the heap.
Here’s one way that the wrong folks have been using SEO to their advantage. If Bill Clinton has a medical problem or Tiger Woods decides to offer his mea culpa, you can expect that people are going to search out further news. Sophisticated malware gangs, savvy to the power of news, know that people will use Google as their main conduit to read more. There are some variations on the theme: Some create fake destinations that ask for credentials, others have created websites that lead users to a fake message about having been infected with a virus. The message urges them to download new virus protection software in order to clean up things. The anti-virus software is really a malware program in disguise. In other words, Internet users just doing an ordinary search or reading online news cane be infected.
According to a note from Avast’s director of Anti-Virus Research, Jindrich Kubec: “This refined methodical approach to SEO manipulation and attack is increasingly popular and likely to keep working unless end users suddenly smarten up and change their willingness to visit unknown or questionable sites, or security firms can work more closely with Google.”
Interestingly page rankings are not just used by malware gangs, they’re used every day by major organizations like the Huffington Post too. If Huffington notices an unusual spike in traffic to Taylor Swift’s website, they’re ready to fire up their addition to the story. SEO has been a mixed bag of use and abuse.
What’s to be done? After following the events of the past weeks I see two possible ways to alleviate some of the problem. As consumers, don’t let Goggle do the driving. If you want to see how Bill Clinton is faring with his new stent, then go directly to CNN, The New York Times, or your site of reckoning. Not foolproof, but it diminishes the odds. In other words, be proactive about where you go on the web and rely on Google less.
At the same time, Google should be making sure that page rankings have some credibility. Working with worldwide anti-virus companies to alert them (all equally) regarding abuses and use issues is one of the critical steps in deterring attacks and malicious behavior. Google has some education available for those interested in optimizing searches on their websites, but getting it to take a larger responsibility for its role as the keeper of page-rankers is a necessity, growing more immediate by the day.
Disclosure: I spent a day as a guest of Avast’s corporate offices in Prague where some of these techniques were described.