I usually avoid talking about anything Serious here, it’s Facebook after all and I am not immune to irony. But, I want to raise awareness about a newly popular form of Internet Badness: Search Engine Poisoning now that I’m starting to see it turn up in normally “safe” areas.
Say you search from something relatively obscure, something medievalists do quite a bit. And, down the results page(s) a ways, you start seeing search results from dodgy sounding domains that none the less appear to have a page all about what you are looking for. Do Not Click that link.
Example search term: “Weird Viking Rituals”
And one of the results is: “pncxx.info > weird_viking_rituals”
Hell that sounds perfect. You click the link and you get a (seemingly) blank page. Or, even worse, you get a PDF file. Welcome to getting infected by malware. Bad guys are managing to inject dynamically constructed URLs into Google search results to lead the unwary into a minefield of malware.
- Pay attention to domain names.
- Avoid ones that are misspelled or have an odd TLD.
- Be suspicious of any link that includes misspellings.
- Always browse from the safest config you can manage
- Never open PDFs from an untrusted source
I recommend browsing from a fully patched and locked down Firefox, preferably running in a VM that you can burn if you suspect an infection. That’s not 100%, but it’s very good and it’s almost zero impact to use once setup.