ISSUE 18.39 • 2021-10-11 PUBLIC DEFENDER By Brian Livingston The top search result in Google is all too often a link to a website that’s been hacked t
[See the full post at: The first Google search result often leads to a virus]
The first Google search result often leads to a virus
This topic has 38 replies, 17 voices, and was last updated 1 year, 11 months ago.
Topic author: B. Livingston (AskWoody MVP)
HarryH3
AskWoody Lounger
- Make Windows display file extensions, so you don’t click .js files posing as PDFs.
Windows Vista and later versions hide file extensions by default. With just a few clicks, you can force File Explorer and other programs to display these extensions, as explained in a CNET article.
How about an article ridiculing/shaming Microsoft for sticking with this default for so many years now? Hiding file extensions is absurd. (Then again, so is hiding parts of URLs and disabling status bars in modern browsers). Perhaps some Luddites are confused by file extensions, but those hidden extensions come up time and again as an open door for malware to use as an easy entry point.
Those of us that know and care change the defaults, but the vast majority of users don’t even know that they should. Thanks to Microsoft, far too many of those users become infected. If their system just gets encrypted, then it’s just their problem. But if their system becomes part of a botnet, many others can suffer as a result. 🙁
-
rc primak
AskWoody_MVP
Linux doesn’t even add the extension to .txt files. And what about hiding System Files and Directories? Or not showing file attributes by default? So Windows is not alone in hiding extensions and other elements which can identify files and directories. Sometimes end users have to do some work to make an OS interface safer. And no, newbies won’t know or even care about these “details”.
-- rc primak
-
anonymous
Guest
I use the duckduckgo search engine. I submitted the Google queries you used in your article to duckduckgo. The results list for the manual were different from yours, but still contained some very sketchy links within the top six. I did not try following them.
Surprisingly, the party wall search yielded what appears to be the exact same result in the top position (except that the text excerpt is different). Clicking on it yields the exact same website (a bogus forum) as shown in your case.
You say that Google is the only search engine that’s being targeted. Does this not seem to indicate that that is not the case, and that other search engines also need to clean up their act?
Bret Sutton
-
rc primak
AskWoody_MVP
“It would be better to notify the operators that their hacked sites will be removed from search results starting today, until the affected servers are clean.”
I remember a few years back, AskWoody got blacklisted by either Google or one of those AV company advisory services, when the site got infected with a single-pixel piece of malware. It took months of bickering and untold money to find and clean up the malware, and to get Google to reinstate AskWoody in their search results.
This is not an ideal approach. Sorry, try again.
As for “don’t use Google”, that’s really like saying “use Linux”. If enough people shift to another provider, that provider becomes the new target of choice. And a vicious cycle results. “Security through obscurity” only works until the alternatives become popular.
(In the Linux example, there may be some (temporary) real security benefit, if new Linux users know and implement “hardening” techniques which are not turned on by default in Linux. But that’s beyond the scope of this thread.)
Rick Corbett
AskWoody MVP
Two days ago I searched in Edge for ‘offline malware scanner’ on a newly-provisioned Windows 10 install.
Like anonymous above – I noticed several of the top few search results returned were all very suspect ads.
I don’t think the problem is confined to Google at all.
-
Rick Corbett
AskWoody MVP
Ever tried searching Google for Malwarebytes? The top return used to be a malware fake AV. (I believe that’s been fixed for some time, but it’s not the only such ironic example.)
Two days ago… the top 3 results in Bing after search for malwarebytes free…
-
b
Manager
I tried hard but wasn’t able to reproduce your results for both searches using Bing in Edge, even after disabling ad and tracking blockers (and also trying from an InPrivate window, and from my Android phone).
But what is suspicious about those ad results anyway? As an example, the third result in the first search, which is the same as the second result in the second search:
https://www.antivirussoftwareguide.com/anti-malware
Anything suspicious about that site? Anything there that’s dangerous like the javascript download from the top Google results in the article?
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
-
Rick Corbett
AskWoody MVP
Anything suspicious about that site? Anything there that’s dangerous like the javascript download from the top Google results in the article?
From its Advertising Disclosure page:
In order to keep this website free to consumers, we receive advertising revenue from some of the antivirus companies featured which can impact how and where products appear the this site (including, for example, the order in which they appear, additional banner advertising and site behaviour such as direct downloads).
So, it admits that its results are biased based on the payments it receives. Would I recommend a site with such clear conflicts of interest? No, I would not.
Is it suspicious? Yes… because it purports to do one thing (i.e. report on the best) yet openly admits skewing the results. I am suspicious of its motives. 🙂
-
b
Manager
I asked whether there was anything dangerous there, and although you quoted the question you didn’t answer it:
Anything there that’s dangerous like the javascript download from the top Google results in the article?
-
bbearren
AskWoody MVP
How to protect yourself against viruses in Google search results
Don’t use Google.
I haven’t used Google for a few years, now, since I first read about their paid rankings in search results. My Firefox browser homepage is DuckDuckGo, and one of the links in my bookmarks toolbar is Startpage.
Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.
Alex5723
AskWoody Plus
I first read about their paid rankings in search results…one of the links in my bookmarks toolbar is Startpage
“In October 2019, Privacy One Group, owned by adtech company System1, acquired a majority stake in Startpage but, according to the company, its “founders may unilaterally reject any potential technical change that could negatively affect user privacy”.”
-
bbearren
AskWoody MVP
“In October 2019, Privacy One Group, owned by adtech company System1, acquired a majority stake in Startpage but, according to the company, its “founders may unilaterally reject any potential technical change that could negatively affect user privacy”
Yes, I read that too.
My Firefox browser homepage is DuckDuckGo, and one of the links in my bookmarks toolbar is Startpage.
What I did not say is that I only use Startpage from a private window in Firefox. It’s easy to get to from the bookmarks toolbar.
anonymous
Guest
Hello, I think the article is interesting and gives good points. I would like to point out that with Firefox, at least with the 78 ESR, one can go to: HELP, “Report a Deceptive site” and send it off to Google.
If you are redirected to another site, quickly, go to: Help, Report a Deceptive site, and it will switch the site over to Google with the web address it captured. You can then give comments and send it on its way to them for review.
wdyblash
AskWoody Plus
I just assume that the ads at the top of the search results are sketchy. I don’t click on them. I will scroll down past the ads to find what appears to be a real url for a real company that at least seems to be related to my search. I still hover over the address to check that it matches what I think it should be. May not be foolproof but it seems to work.
As far as the ads are concerned, I don’t feel like contributing to an advertising campaign, that might not be what it appears to be.
-
wdburt1
AskWoody Plus
I realize that increasingly I am instinctively skipping those “ad” results, too–though based on Brian’s good article I will have to pay attention more consistently.
I increasingly inspect URLs before opening.
And my internet computer is armed to the teeth.
What’s troubling is that I don’t see what other meaningful steps I can take to protect myself from this sudden-death malware infection scenario, day in and day out. I use Google a lot. As has been said above, another search engine will be targeted as soon as it becomes popular.
-
anonymous
Guest
Common Sense is still usable, IF available to you!
It would be C.S. that the main URL to a company called Malwarebytes, whose main product is called Malwarebytes, is probably NOT going to be something like:
irapeyourdogstealyourstuffandhumpuranus.biz
Unless that is a new Facezuck mirror?
OscarCP
Member
Is this much more likely to happen when one is looking for some kind of commonly sought after information, rather than for information on more specialized topics?
For example, is the risk of infection with malware quite different when looking for information on “current US bank mortgage rates”, versus “use of reflectometry from LEO satellites to quantify sea state”? Or does the malware echo the key words in the title of the bogus Web page, so the topic being searched does not matter all that much?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
-
wdburt1
AskWoody Plus
Funny thing, that same question occurred to me just now but I couldn’t frame it well, so didn’t.
I have a hunch that my specialized searches might not be targeted so much. Certainly, a dead-on-result from an unfamiliar web site would stand out.
Bob99
AskWoody Plus
What Brian’s article describes is malicious SEO (Search Engine Optimization), and he happens to illustrate how that affects the results on Google, because Google is the biggest target for the bad actors.
As has been illustrated above by others, this also has happened to Bing. I would venture a guess that it has also happened to Yahoo and StartPage as well, since they are search engines themselves in their own right.
As has also been pointed out above by @rc-primak, DuckDuckGo is the same as Google, but stripped of Google’s unwelcome invasion of privacy, so it can be affected by malicious SEO as well.
Basically, be careful sifting through results for searches, and pay attention to the actual URLs of the links provided by hovering your mouse over them to make sure they go where the text in the result says they go. One way to help this concept out is to have your browser display what’s called “punycode” that can make text look like one word but actually be another. @Microfix can fill in the details of exactly what punycode is more than this basic explanation.
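An added example, not part of the post above: the hover check and the punycode view as a PowerShell function. An internationalized host name can contain look-alike characters, and its punycode form (the ASCII `xn--` name that DNS resolves) makes them visible. The function name, the sample hosts and the expected domain are assumptions made for illustration; the samples are constructed.

```powershell
# Added example: compare the host a link really points to with the domain you
# meant to visit, and expose look-alike (IDN) hosts through their punycode form.
function Test-LinkTarget {
    param(
        [Parameter(Mandatory)][string]$LinkHost,        # host part of the URL shown on hover
        [Parameter(Mandatory)][string]$ExpectedDomain   # domain you intended to reach
    )
    $idn      = New-Object System.Globalization.IdnMapping
    # GetAscii returns the xn-- (punycode) form; plain ASCII names pass through unchanged.
    $ascii    = $idn.GetAscii($LinkHost.ToLowerInvariant())
    $expected = $idn.GetAscii($ExpectedDomain.ToLowerInvariant())

    # On the expected domain only if it is that domain or a subdomain of it.
    $onDomain = ($ascii -eq $expected) -or
                $ascii.EndsWith(".$expected", [System.StringComparison]::Ordinal)

    [pscustomobject]@{
        LinkHost         = $LinkHost
        Punycode         = $ascii
        IsIdn            = ($ascii -match '(^|\.)xn--')   # any label needed encoding
        OnExpectedDomain = $onDomain
    }
}

# Constructed samples: the real host, the expected name used as a subdomain of
# another domain, and a host whose first "a" is the Cyrillic letter U+0430.
$samples = @(
    'www.malwarebytes.com',
    'malwarebytes.com.free-download.example',
    "m$([char]0x0430)lwarebytes.com"
)
$samples | ForEach-Object { Test-LinkTarget -LinkHost $_ -ExpectedDomain 'malwarebytes.com' } |
    Format-Table -AutoSize
```

Only the first sample reports `OnExpectedDomain` as true; the third looks identical on screen but is flagged by `IsIdn` and shows a different name in the `Punycode` column.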
-
b
Manager
No one in this thread discovered any malicious SEO via Bing either.
The article was specifically NOT about paid advertisements appearing in search results:
There’s a good chance that the user will click the Google link that shows up, because the search hit looks like a natural result, given that it’s not a paid ad or a sponsored link.
Search crimes – how the Gootkit gang poisons Google searches
-
OscarCP
Member
Macs always display the file extension, wherever and whenever a file is listed inside a folder, or appears on the desktop, or is listed using the command line: in all cases and circumstances. Also I don’t remember the file extensions being hidden in Windows 7. So I am surprised to hear about this.
-
PKCano
Manager
Macs always display the file extension, wherever and whenever a file is listed inside a folder, or appears on the desktop, or is listed using the command line: in all cases and circumstances.
Showing the file extension is also an option in MacOS, not the default.
Your Mac shows file extensions because the box was checked at some point by whoever changed it.
-
OscarCP
Member
PK, My Mac came like this from Apple, i.e. set to show the file extensions, the day I bought it, so I did not realize that the fiddle you point out even existed.
-
b
Manager
Also I don’t remember the file extensions being hidden in Windows 7. So I am surprised to hear about this.
Woody campaigned against file extensions being hidden by default in Windows 7 for years:
Yet another reason for showing filename extensions
Posted on April 19th, 2016 at 13:05 by woody
I take flak, from time to time, from well-intentioned folks who say my insistence on having Windows show filename extensions is archaic.
Take a look at this report from Microsoft that describes several Trojans and how they’re dropped in spam emails.
If the person who created the screenshots had filename extensions turned off, the telltale “.js” wouldn’t appear in the listings of zipped files.
From page 3 of “Windows 7 All-In-One For Dummies” –
Click Start and pick Documents. Press the Alt key on your keyboard. Choose Tools > Folder options, then click to select the View tab. At the bottom of the Advanced Settings box, deselect the option marked “Hide Extensions for Known File Types.” Click OK.
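An added example, not part of the post or the book excerpt above: the same setting applied from PowerShell, followed by a scan for file names that would pass as documents while extensions are hidden. `HideFileExt` is the per-user registry value behind the "Hide extensions for known file types" checkbox; the function names, the two extension lists and the Downloads path are assumptions, and the sample names are constructed.

```powershell
# Added example. Per-user Explorer setting behind "Hide extensions for known file types".
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-FileExtensions {
    # 0 = show extensions, 1 = hide them (the Windows default).
    $current = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($current -ne 0) {
        Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
        'HideFileExt set to 0; open a new File Explorer window to see the change.'
    } else {
        'File extensions are already shown.'
    }
}

# Assumed lists: types Windows runs on double-click, and document types they imitate.
$runnable = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta', '.scr', '.exe', '.bat', '.cmd'
$decoys   = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.png', '.zip'

function Test-DeceptiveName {
    param([Parameter(Mandatory)][string]$Name)
    $ext   = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    # With extensions hidden, Explorer shows the name minus its last extension.
    $shown = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    # TrimEnd handles names padded with spaces before the real extension.
    $inner = [System.IO.Path]::GetExtension($shown.TrimEnd()).ToLowerInvariant()
    ($runnable -contains $ext) -and ($decoys -contains $inner)
}

function Find-DeceptiveDownloads {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { Test-DeceptiveName -Name $_.Name } |
        Select-Object FullName, LastWriteTime
}

# Constructed sample names: only the first and last should be flagged.
'party_wall_agreement.pdf.js', 'manual.pdf', 'setup.exe', 'invoice.docx   .vbs' |
    ForEach-Object { '{0,-30} deceptive={1}' -f $_, (Test-DeceptiveName -Name $_) }

Show-FileExtensions
Find-DeceptiveDownloads
```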
AlexEiffel
AskWoody_MVP
Some people commented that Duckduckgo’s search results are from Google. In the past and from what I found online with a quick search, it doesn’t come from Google at all.
Maybe that is why I got frustrated with them quickly after trying it for a few days a while ago.
Excerpt from Wikipedia :
“DuckDuckGo’s results are a compilation of “over 400” sources, including Yahoo! Search BOSS, Wolfram Alpha, Bing, Yandex, its own web crawler (the DuckDuckBot) and others. It also uses data from crowdsourced sites, including Wikipedia, to populate knowledge panel boxes to the right of the results.”
Unfortunately, I don’t find that anything else comes close to Google.
That was a great article from Brian, again.
This might be a threat that could become even worse than email because normal users have a harder time identifying those search results they looked for as illegitimate than an unexpected email.
Using SRP like someone mentioned or hardened mode in Avast or an equivalent seems like a good idea to mitigate the risk in part. Again, Microsoft, why do you keep AppLocker unavailable to Home and Pro versions? Security shouldn’t be an option for big businesses only in your OS, especially when it involves no costly ongoing maintenance like it is probably the case for AppLocker. If you can give Defender to everyone, sure you could include AppLocker.
-
rc primak
AskWoody_MVP
You should not be relying on your antivirus program to protect you from malicious web sites. If they are not clearly marked as ads, there should be some way to distinguish between legitimate sites and malicious or simply useless sites.
As of now, there is no sure-fire way to tell the difference between a bad site and a good one, except after you’ve been there. And don’t get me started on reputation services — it took a long, hard struggle to get such services to reinstate AskWoody after a single-pixel injection malware attack here a few years back.
-
OscarCP
Member
rc primak: “As of now, there is no sure-fire way to tell the difference between a [Web site that is a] bad site and a good one, except after you’ve been there”
Quite true, unfortunately. The way of the world, Internet-wise, is going to turn us all into suspicious, sniffing bloodhounds seeking the scent of our possibly awaiting doom. (Phrasing purple enough for you?)