I’ve had a few customers’ PCs experience infections recently, and I thought this would be a good time to discuss one of the vectors for such an attack. It is called Search Poisoning, and its discussed in this article from a couple of years ago.
The author brings up a few good points, and I think they can be boiled down to one golden rule: Know Upon What Thou art Clicking.
I like to advise my clients to take an extra second and use the tools we have available to us. Principle among these is to mouse over the link and look at the target URL; if it goes somewhere that sounds unusual or foreign, or isn’t what the link text would lead one to expect, then don’t click that.
So, for instance, if you were interested in finding the most effective anti virus products, you might type in a search for ‘best anti virus’. (As an aside, I just did enter that search, and didn’t get any poisoned results on the first page, so it isn’t a good contrived example. Lets pretend it is.)
If there was a result such as ‘bestantivirus.com’ or event better, .ru, .cn, or .pl, I would strongly recommend giving it a pass. Sites that go to foreign addresses, and sites that have a narrowly-scoped address are often invitations to infection. It is good practice to assume that there is no reason for a site to have a very narrowly defined address except as a lure to the unwary.
So when surfing around online, it pays to take the extra sec and ask yourself, just what are you looking at?