Skip to content


Microsoft Fights Porn Searches

Computerworld, via CSO, is claiming that people searching for porn are “attacking” Microsoft’s platform with “poison”.

Microsoft on Saturday disabled the search tool on its Safety & Security Center after attackers poisoned results with links to pornographic URLs.

[…]

Although search poisoning is not unusual — it’s a well-worn tactic by those hoping to spread malware and dupe users into visiting scamming sites — this is different, said [CEO of Sunbelt Software] Eckelberry.

“This is crafty,” Eckelberry said today in an interview. “This isn’t normal search poisoning. It’s poisoning the results with actual searches. Users were getting back a prior search as a search result.”

Now you know a “crafty” way to “poison” search statistics — search for something.

Nowhere in the story does anyone mention that searches for porn are expected to be a huge percentage of total search results. Meanwhile the recent news from Nepal, which has tried to ban porn, is that search statistics show porn is popular.

Despite the August 2010 Home Ministry ban on pornographic websites in Nepal, the number of Nepali internet users surfing pornographic contents online has not dwindled.

Currently, the number of porn content seekers on Google—the most popular search engine—stands at a staggering growth rate of over 140 percent.

The Microsoft attack is described by CSO like this:

By repeatedly searching for sites using pre-selected phrases — “sex” and “girl,” for example — on the Safety & Security Center, criminals tricked the site into saving those searches, which then popped up near the top of the results of any subsequent searches by others.

Now consider that the Nepal news is written like this:

Google states the searches are often done with titles such as “hot babes”, “beautiful girls”, “cute hotties”, “sexy models wallpapers” and “bollywood babes”. […] Searches for naked and vulgar images have also rocketed to around 90 percent in the last few years.

So was the Microsoft site actually “tricked” or was it reflecting a predictable search statistic as a result of an open policy on results?

Eckelberry does not explain whether the saved searches were linked to actual human searches or falsified (i.e. automated) accounts. The article speculates a Twitter feed may have been related to the surge but it also sounds like a search engine ranked porn pages as popular when a lot of users searched for porn. That means they could have called it a search engine data point on behavior (i.e. Nepal’s news) instead of an attack. The CSO story follows the trend of experts who like to call attacks “sophisticated” or “crafty” without offering any guidance on what that really means relative to daily threats/behavior.

Posted in Security.


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.