Google Search: More Links Are Malicious Than You Realize

April 05, 2010 - 2 min read
It is not uncommon to find malicious links in 15% to 20% of the first 100 results returned by Google for any popular search term (according to Google Trends). If Google doesn’t take the Blackhat SEO problem more seriously, the total number of malicious links is bound to increase and this may already be happening.


The top search on April 2nd was “tri energy”. I am not sure why it became so popular, but don’t google it: more than 90% of the first 100 links are malicious! Here is what I found for this search on April 4th:



  • 86 links were sending users directly to a malicious, fake antivirus page that tries to install malware. This is the same issue, with the same domain name (xorg.pl) involved in most of the redirections that I detailed in a previous post.
  • 4 malicious links were down or Google displayed a warning page.
  • The first 5 links on the first page of results were legitimate.






One of the too few warnings from Google


Same search on Bing and Yahoo



For the same search, Bing did not show any malicious links. Yahoo! displayed 4 malicious links on pages 2, 6 and 7. At this point, I’m not sure if Bing and Yahoo! do a better job at cleaning up their search results, or if they are simply slower at picking up new pages.



8 hours later



I re-scanned the Google results 8 hours later and things are a bit better. There are still only 10 legitimate links in the first 100 results, but Google displays a warning for 87 links. Only 3 malicious links redirect to a harmful site.




Google warns the users to not follow these links. Why do they even show them?




Not an exception




This number of malicious links may be extreme in this example, but the overall problem of attackers leveraging SEO optimization is not rare at all. On the same day, for the #5 Google Trends search term, “epic google”, 50% of the first 100 links are malicious. For the #2 search term, “mendicant”, 38% of the links are malicious. It took Google 2 days to start cleaning up the results, from April 2nd to April 5th in the morning.



I do not understand why Google decides to include malicious links in their search results. Depending on the user’s browser version, clicking on these links can be harmful to users, or display useless content. In both cases, users do not want to visit these sites.



-- Julien

