Poisoned Google Image Searches Becoming a Problem

Orome1 writes "If you are a regular user of Google's image search, you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but they still have trouble when it comes to cleaning up its image search results."

Violence is required

[erroneus]

The people who are doing this are criminals. They need to be stopped. It's as simple as that. Follow the money and beat the crap out of them until it stops.

Re:Use an alternative search.

[Pseudonym Authority]

Altavista, Ask and Bing have just been giving me more relevant search results lately.

Somewhat interestingly, and wildly offtopic, Altavista is powered by Yahoo, and Yahoo is powered by Bing, so you are really only using at most 2 search engines. (Ask also outsources to someone, but they don't say who, so it may very well be M!r0$0f+ as well).

Re:im glad im not the only one

[lennier1]

Like ASCII Goatse?
http://www.nerdgranny.com/ascii-goatse/ [nerdgranny.com]

Re:screenshots

[bmo]

I've seen it. It detects Chrome and puts up a fake Chrome screen.

The problem is that the dialog is modal and steals focus from Chrome. You can't simply close the tab. So you click, it does its "scan" and gives a heads-I-win-tails-you-lose dialog and you click that and you wind up downloading a windows executable, and that's when Chrome finally steps in and says "hey, this is an executable file, do you really want this?" and that's the only place you can say no-thanks.

The only other solution is to force-kill (kill -9) the entire Chrome window at the start.

Chrome should allow you to close a tab and anything else attached to it, at any time. The current situation is unacceptable from a user's POV.

I did this in Linux, but having wine installed means that this could be a vector for malware in Linux, too, with a little more work.

inb4 "but no malware writer cares about linux" and "hurr, wineserver is a user process, so it makes no sense to have autorun malware as a user" (as if anyone ever checks his .bashrc or .profile). The only thing I see as a barrier to this foolishness is the relative intelligence of your average Linux guy (me) versus the typical Windows user in deciding not to run something thrust at the browser for download from a bad website.

--
BMO

Re:Mac is vulnerable too

[cathector]

i've been on osx for about two years, and just yesterday had my first malware experience,
which is pretty much identical to Teckla's: i was in safari and followed a GIS link for "blanket octopus"
and clicked on one of the pictures, and got a pop-up browser with some "security scan in progres.." BS dialog.
no big deal.
but then the OSX package installer opened up, trying to install some obvious malware .mpkg which had been downloaded to my desktop.
downloading a file without my permission is already a total security fail, imo, but running the installer on it is beyond bad.
obviously i nixed the installer and power-cycled and so far haven't noticed anything untoward, but it's scary.
the name of the .mpkg was "MacProtector.mpkg". unfortunately i rm -rf'd without making an archive of it.
- google shows a few hits for that. so, in short, yeah, Teckla's experience matches mine.

Re:web 101: don't run unknown javascripts

[Anonymous Coward]

You can fix this by adding "&gbv=1" to your search search string. If you want it as a seach plugin save http://pastebin.com/GswQX4V5 as an xml file in your searchplugins folder.