Hackers 'poison' search engine results

Hackers are increasingly using websites rather than email attachments to spread malicious code, security watchers have warned.

In its six-monthly Web Security Trends Report, Websense noted that online criminals may be subverting search engines in a bid to direct unwitting internet users to web pages containing malware.

The report states that, as increasing numbers of companies are blocking email attachments at the firewall, hackers are embedding code in web pages. To try and persuade users to visit websites with the code installed they are trying to get them ranked highly in search engine results.

"[We] believe that an increase in 'poisoning' search results and DNS servers from the most popular search engines is possible," said report author Dan Hubbard, senior director at Websense.

"In this scenario, attackers ensure that their sites appear high in the return lists of queries. When users visit those sites, they are infected. For example, in a search for anti-spyware a list of sites infected with spyware might actually top the list."

The most common attacks from websites included trying to install Trojans or other malicious code, which accounted for two thirds of attacks, or trying to install a new home page and bookmarks on the owner's browser, which accounted for over a quarter of attacks.

In its conclusion the report predicted that these problems will only get worse. It warns that the hacking community is getting increasingly organised, capitalising on the amount of time it is taking to organise international law and governance.