ISSUE 18.39 • 2021-10-11 PUBLIC DEFENDER By Brian Livingston The top search result in Google is all too often a link to a website that’s been hacked t
[See the full post at: The first Google search result often leads to a virus]
The first Google search result often leads to a virus
- This topic has 38 replies, 16 voices, and was last updated 1 year, 3 months ago.
B. Livingston
AskWoody MVP
October 11, 2021 at 2:45 am #2395065
HarryH3
AskWoody Lounger
October 11, 2021 at 5:50 am #2395085
- Make Windows display file extensions, so you don’t click .js files posing as PDFs.
Windows Vista and later versions hide file extensions by default. With just a few clicks, you can force File Explorer and other programs to display these extensions, as explained in a CNET article.
How about an article ridiculing/shaming Microsoft for sticking with this default for so many years now? Hiding file extensions is absurd. (Then again, so is hiding parts of URL’s and disabling status bars in modern browsers). Perhaps some Luddites are confused by file extensions, but those hidden extensions come up time and again as an open door for malware to use as an easy entry point.
Those of us that know and care change the defaults, but the vast majority of users don’t even know that they should. Thanks to Microsoft, far too many of those users become infected. If their system just gets encrypted, then it’s just their problem. But if their system becomes part of a botnet, many others can suffer as a result. 🙁
-
rc primak
AskWoody_MVP
October 11, 2021 at 7:35 am #2395106
Linux doesn’t even add the extension to .txt files. And what about hiding System Files and Directories? Or not showing file attributes by default? So Windows is not alone in hiding extensions and other elements which can identify files and directories. Sometimes end users have to do some work to make an OS interface safer. And no, newbies won’t know or even care about these “details”.
-- rc primak
-
anonymous
Guest
October 11, 2021 at 7:01 am #2395069
I use the duckduckgo search engine. I submitted the Google queries you used in your article to duckduckgo. The results list for the manual were different from yours, but still contained some very sketchy links within the top six. I did not try following them.
Surprisingly, the party wall search yielded what appears to be the exact same result in the top position (except that the text excerpt is different). Clicking on it yields the exact same website (a bogus forum) as shown in your case.
You say that Google is the only search engine that’s being targeted. Does this not seem to indicate that that is not the case, and that other search engines also need to clean up their act?
Bret Sutton
1 user thanked author for this post.
rc primak
AskWoody_MVP
October 11, 2021 at 7:41 am #2395108
“It would be better to notify the operators that their hacked sites will be removed from search results starting today, until the affected servers are clean.”
I remember a few years back, AskWoody got blacklisted by either Google or one of those AV company advisory services, when the site got infected with a single-pixel piece of malware. It took months of bickering and untold money to find and clean up the malware, and to get Google to reinstate AskWoody in their search results.
This is not an ideal approach. Sorry, try again.
As for “don’t use Google”, that’s really like saying “use Linux”. If enough people shift to another provider, that provider becomes the new target of choice. And a vicious cycle results. “Security through obscurity” only works until the alternatives become popular.
(In the Linux example, there may be some (temporary) real security benefit, if new Linux users know and implement “hardening” techniques which are not turned on by default in Linux. But that’s beyond the scope of this thread.)
-- rc primak
Rick Corbett
AskWoody_MVP
October 11, 2021 at 7:45 am #2395110
Two days ago I searched in Edge for ‘offline malware scanner’ on a newly-provisioned Windows 10 install.
Like anonymous above – I noticed several of the top few search results returned were all very suspect ads.
I don’t think the problem is confined to Google at all.
Rick Corbett
AskWoody_MVP
October 11, 2021 at 8:18 am #2395124
Ever tried searching Google for Malwarebytes? The top return used to be a malware fake AV. (I believe that’s been fixed for some time, but it’s not the only such ironic example.)
Two days ago… the top 3 results in Bing after search for malwarebytes free…
b
Manager
October 11, 2021 at 1:23 pm #2395196
I tried hard but wasn’t able to reproduce your results for both searches using Bing in Edge, even after disabling ad and tracking blockers (and also trying from an InPrivate window, and from my Android phone).
But what is suspicious about those ad results anyway? As an example, the third result in the first search, which is the same as the second result in the second search:
https://www.antivirussoftwareguide.com/anti-malware
Anything suspicious about that site? Anything there that’s dangerous like the javascript download from the top Google results in the article?
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
-
Rick Corbett
AskWoody_MVP
October 12, 2021 at 5:42 am #2395368
Anything suspicious about that site? Anything there that’s dangerous like the javascript download from the top Google results in the article?
From its Advertising Disclosure page:
In order to keep this website free to consumers, we receive advertising revenue from some of the antivirus companies featured which can impact how and where products appear the this site (including, for example, the order in which they appear, additional banner advertising and site behaviour such as direct downloads).
So, it admits that its results are biased based on the payments it receives. Would I recommend a site with such clear conflicts of interest? No, I would not.
Is it suspicious? Yes… because it purports to do one thing (i.e. report on the best) yet openly admits skewing the results. I am suspicious of its motives. 🙂
-
b
Manager
October 12, 2021 at 7:47 am #2395414
Is it suspicious? Yes…
Is it dangerous? No…
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
b
Manager
October 12, 2021 at 9:21 am #2395440
I asked whether there was anything dangerous there, and although you quoted the question you didn’t answer it:
Anything there that’s dangerous like the javascript download from the top Google results in the article?
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
-
-
-
bbearren
AskWoody MVP
October 11, 2021 at 10:34 am #2395168
How to protect yourself against viruses in Google search results
Don’t use Google.
I haven’t used Google for a few years, now, since I first read about their paid rankings in search results. My Firefox browser homepage is DuckDuckGo, and one of the links in my bookmarks toolbar is Startpage.
Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
We all have our own reasons for doing the things that we do. We don't all have to do the same things.
Alex5723
AskWoody Plus
October 11, 2021 at 11:11 am #2395182
I first read about their paid rankings in search results…one of the links in my bookmarks toolbar is Startpage
“In October 2019, Privacy One Group, owned by adtech company System1, acquired a majority stake in Startpage but, according to the company, its “founders may unilaterally reject any potential technical change that could negatively affect user privacy”.”
-
bbearren
AskWoody MVP
October 11, 2021 at 2:33 pm #2395208
“In October 2019, Privacy One Group, owned by adtech company System1, acquired a majority stake in Startpage but, according to the company, its “founders may unilaterally reject any potential technical change that could negatively affect user privacy”
Yes, I read that too.
My Firefox browser homepage is DuckDuckGo, and one of the links in my bookmarks toolbar is Startpage.
What I did not say is that I only use Startpage from a private window in Firefox. It’s easy to get to from the bookmarks toolbar.
Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
We all have our own reasons for doing the things that we do. We don't all have to do the same things.
anonymous
Guest
October 11, 2021 at 11:52 am #2395186
Hello, I think the article is interesting and gives good points. I would like to point out that with Firefox, at least with the 78 ESR, one can go to: HELP, “Report a Deceptive site” and send it off to Google.
If you are redirected to another site, quickly, go to: Help, Report a Deceptive site, and it will switch the site over to Google with the web address it captured. You can then give comments and send it on its way to them for review.
2 users thanked author for this post.
wdyblash
AskWoody Plus
October 11, 2021 at 6:41 pm #2395261
I just assume that the ads at the top of the search results are sketchy. I don’t click on them. I will scroll down past the ads to find what appears to be a real url for a real company that at least seems to be related to my search. I still hover over the address to check that it matches what I think it should be. May not be foolproof but it seems to work.
As far as the ads are concerned, I don’t feel like contributing to an advertising campaign, that might not be what it appears to be.
-
wdburt1
AskWoody Plus
October 12, 2021 at 12:14 pm #2395482
I realize that increasingly I am instinctively skipping those “ad” results, too–though based on Brian’s good article I will have to pay attention more consistently.
I increasingly inspect URL’s before opening.
And my internet computer is armed to the teeth.
What’s troubling is that I don’t see what other meaningful steps I can take to protect myself from this sudden-death malware infection scenario, day in and day out. I use Google a lot. As has been said above, another search engine will be targeted as soon as it becomes popular.
-
anonymous
Guest
October 14, 2021 at 1:30 pm #2395956
Common Sense is still usable, IF available to you!
It would be C.S. that the main URL to a company called Malwarebytes, whose main product is called Malwarebytes, is probably NOT going to be something like:
irapeyourdogstealyourstuffandhumpuranus.biz
Unless that is a new Facezuck mirror?
OscarCP
Member
October 11, 2021 at 7:32 pm #2395282
Is this much more likely to happen when one is looking for some kind of commonly sought after information, rather than for information on more specialized topics?
For example, is the risk of infection with malware quite different when looking for information on “current US bank mortgage rates”, versus “use of reflectometry from LEO satellites to quantify sea state”? Or does the malware echo the key words in the title of the bogus Web page, so the topic being searched does not matter all that much?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
1 user thanked author for this post.
wdburt1
AskWoody Plus
October 12, 2021 at 12:16 pm #2395486
Funny thing, that same question occurred to me just now but I couldn’t frame it well, so didn’t.
I have a hunch that my specialized searches might not be targeted so much. Certainly, a dead-on-result from an unfamiliar web site would stand out.
1 user thanked author for this post.
Bob99
AskWoody Plus
October 11, 2021 at 8:44 pm #2395295
What Brian’s article describes is malicious SEO (Search Engine Optimization), and he happens to illustrate how that affects the results on Google, because Google is the biggest target for the bad actors.
As has been illustrated above by others, this also has happened to Bing. I would venture a guess that it has also happened to Yahoo and StartPage as well, since they are search engines themselves in their own right.
As has also been pointed out above by @rc-primak , DuckDuck Go is the same as Google, but stripped of Google’s unwelcome invasion of privacy, so it can be affected by malicious SEO as well.
Basically, be careful sifting through results for searches, and pay attention to the actual URLs of the links provided by hovering your mouse over them to make sure they go where the text in the result says they go. One way to help this concept out is to have your browser display what’s called “punycode” that can make text look like one word but actually be another. @Microfix can fill in the details of exactly what punycode is more than this basic explanation.
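The hover check and punycode display described in the post above can be written as a small link check. This is an added example, not part of the original thread; the function names, finding labels and sample hostnames are constructed, hosts are compared exactly (ignoring a leading www.) rather than by registrable domain, and scripts are approximated from Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label: str) -> set[str]:
    """Approximate the scripts used in one hostname label (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def host_forms(host: str) -> tuple[str, str]:
    """Return (punycode form, Unicode form) of a hostname."""
    ascii_labels, unicode_labels = [], []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                decoded = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                decoded = label  # malformed label: show it undecoded
            ascii_labels.append(label)
            unicode_labels.append(decoded)
        elif label.isascii():
            ascii_labels.append(label)
            unicode_labels.append(label)
        else:
            encoded = label.encode("punycode").decode("ascii")
            ascii_labels.append("xn--" + encoded)
            unicode_labels.append(label)
    return ".".join(ascii_labels), ".".join(unicode_labels)


def strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def check_link(visible_text: str, href: str) -> dict:
    """Compare what a search result shows with where its link really goes."""
    host = urlsplit(href).hostname or ""
    host_ascii, host_unicode = host_forms(host)
    findings = []
    if host_ascii != host_unicode:
        findings.append("idn-host")  # name renders differently from its punycode
    if any(len(label_scripts(l)) > 1 for l in host_unicode.split(".")):
        findings.append("mixed-script-label")
    # Only compare when the visible text itself looks like a URL or hostname.
    text = visible_text.strip()
    if " " not in text and "." in text:
        shown = urlsplit(text if "//" in text else "//" + text).hostname or ""
        shown_ascii, _ = host_forms(shown)
        if strip_www(shown_ascii) != strip_www(host_ascii):
            findings.append("text-host-mismatch")
    return {"host_ascii": host_ascii, "host_unicode": host_unicode,
            "findings": findings}


if __name__ == "__main__":
    # Constructed samples; the third host contains a Cyrillic "a" (U+0430).
    samples = [
        ("www.example.com", "https://www.example.com/downloads"),
        ("www.example.com", "https://www.example.com.downloads.example.net/manual"),
        ("example.example", "https://ex\u0430mple.example/"),
    ]
    for text, href in samples:
        print(text, "->", check_link(text, href))
```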
-
b
Manager
October 12, 2021 at 9:33 am #2395446
As has been illustrated above by others, this also has happened to Bing.
No one in this thread found a malicious JavaScript file via Bing.
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
b
Manager
October 12, 2021 at 10:08 am #2395451
No one in this thread discovered any malicious SEO via Bing either.
The article was specifically NOT about paid advertisements appearing in search results:
There’s a good chance that the user will click the Google link that shows up, because the search hit looks like a natural result, given that it’s not a paid ad or a sponsored link.
Search crimes – how the Gootkit gang poisons Google searches
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
-
-
OscarCP
Member
October 11, 2021 at 10:33 pm #2395328
Macs always display the file extension, wherever and whenever a file is listed inside a folder, or appears on the desktop, or is listed using the command line: in all cases and circumstances. Also I don’t remember the file extensions being hidden in Windows 7. So I am surprised to hear about this.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
PKCano
Manager
October 12, 2021 at 7:29 am #2395401
Macs always display the file extension, wherever and whenever a file is listed inside a folder, or appears on the desktop, or is listed using the command line: in all cases and circumstances.
Showing the file extension is also an option in MacOS, not the default.
Your Mac shows file extensions because the box was checked at some point by whoever changed it.
-
OscarCP
Member
October 14, 2021 at 1:54 pm #2395965
PK, My Mac came like this from Apple, i.e. set to show the file extensions, the day I bought it, so I did not realize that the fiddle you point out even existed.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
-
b
Manager
October 12, 2021 at 10:37 am #2395459
Also I don’t remember the file extensions being hidden in Windows 7. So I am surprised to hear about this.
Woody campaigned against file extensions being hidden by default in Windows 7 for years:
Yet another reason for showing filename extensions
Posted on April 19th, 2016 at 13:05 by woody
I take flak, from time to time, from well-intentioned folks who say my insistence on having Windows show filename extensions is archaic.
Take a look at this report from Microsoft that describes several Trojans and how they’re dropped in spam emails.
If the person who created the screenshots had filename extensions turned off, the telltale “.js” wouldn’t appear in the listings of zipped files.
From page 3 of “Windows 7 All-In-One For Dummies” –
Click Start and pick Documents. Press the Alt key on your keyboard. Choose Tools > Folder options, then click to select the View tab. At the bottom of the Advanced Settings box, deselect the option marked “Hide Extensions for Known File Types.” Click OK.
Windows 11 Pro version 22H2 build 22621.1194 + Microsoft 365/Edge
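Added example (not from the thread or the article): what a file listing shows when "Hide extensions for known file types" is on, and which names inside a ZIP would run as a script or program when double-clicked, the point made in this post and in HarryH3's earlier one. The extension lists are short illustrative samples, the file names are constructed, and the sketch assumes every extension is a registered type that the listing would hide.

```python
import io
import ntpath  # Windows path rules, whatever OS this runs on
import zipfile

# Illustrative, not exhaustive: types Windows runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
               ".exe", ".scr", ".com", ".bat", ".cmd"}
# Document-like extensions commonly used as the decoy part of a name.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def explorer_view(filename: str) -> str:
    """Name as listed with extensions hidden (assumes the type is registered)."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base


def assess(filename: str) -> dict:
    """Report the real name, the name a user sees, and why it is risky."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    inner_ext = ntpath.splitext(stem)[1]
    flags = []
    if ext.lower() in SCRIPT_EXTS:
        flags.append("runs-on-double-click")
        if inner_ext.lower() in DECOY_EXTS:
            flags.append("decoy-document-extension")
    return {"real": base, "shown": explorer_view(base),
            "ext": ext.lower(), "flags": flags}


def scan_zip(data: bytes) -> list[dict]:
    """Assess every file in a ZIP archive and return only the flagged ones."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    return [r for r in map(assess, names) if r["flags"]]


def sample_zip() -> bytes:
    """Build a constructed archive in memory; contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("party_wall_agreement.pdf.js", "readme.txt",
                     "docs/manual.pdf", "setup_guide.js"):
            zf.writestr(name, "constructed placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    for r in scan_zip(sample_zip()):
        print(f'{r["real"]!r} is shown as {r["shown"]!r}: {", ".join(r["flags"])}')
```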
AlexEiffel
AskWoody_MVP
October 12, 2021 at 9:45 am #2395448
Some people commented that Duckduckgo’s search results are from Google. In the past and from what I found online with a quick search, it doesn’t come from Google at all.
Maybe that is why I got frustrated with them quickly after trying it for a few days a while ago.
Excerpt from Wikipedia :
“DuckDuckGo’s results are a compilation of “over 400″ sources, including Yahoo! Search BOSS, Wolfram Alpha, Bing, Yandex, its own web crawler (the DuckDuckBot) and others. It also uses data from crowdsourced sites, including Wikipedia, to populate knowledge panel boxes to the right of the results.”
Unfortunately, I don’t find that anything else comes close to Google.
That was a great article from Brian, again.
This might be a threat that could become even worse than email because normal users have a harder time identifying those search results they looked for as illegitimate than an unexpected email.
Using SRP like someone mentioned or hardened mode in Avast or an equivalent seems like a good idea to mitigate the risk in part. Again, Microsoft, why do you keep Applocker unavailable to Home and Pro version? Security shouldn’t be an option for big businesses only in your OS, especially when it involves no costly ongoing maintenance like it is probably the case for Applocker. If you can give Defender to everyone, sure you could include Applocker.
-
rc primak
AskWoody_MVP
October 18, 2021 at 8:09 pm #2396627
You should not be relying on your antivirus program to protect you from malicious web sites. If they are not clearly marked as ads, there should be some way to distinguish between legitimate sites and malicious or simply useless sites.
As of now, there is no sure-fire way to tell the difference between a bad site and a good one, except after you’ve been there. And don’t get me started on reputation services — it took a long, hard struggle to get such services to reinstate AskWoody after a single-pixel injection malware attack here a few years back.
-- rc primak
-
OscarCP
Member
October 18, 2021 at 8:21 pm #2396629
rc primak: “As of now, there is no sure-fire way to tell the difference between a [Web site that is a] bad site and a good one, except after you’ve been there”
Quite true, unfortunately. The way of the world, Internet-wise, is going to turn us all into suspicious, sniffing bloodhounds seeking the scent of our possibly awaiting doom. (Phrasing purple enough for you?)
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
1 user thanked author for this post.
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.