The Microsoft Safety and Security Center was hit by a search bug over the weekend that caused search results to lead to pornographic websites.
According to GFI Labs' Alex Eckelberry, VP and general manager of the security business unit at GFI Software and formerly president and CEO of Sunbelt Software, the company had noticed a search poisoning bug that caused an innocuous search to return nasty results.
He said: “Searching for porn terms will yield some very nasty results. Why is this different? Normal search poisoning is where results come up that directly link to a site. However, blackhat search engine optimisers (SEOs) have created Microsoft Security Center search results on specific terms. These terms include things like: porn; free porn; streaming; YouTube sex; and even: ‘baby girl names’.
“It's ironic that only Microsoft Safety and Security Center searches are returning porn results and since only specific terms are used, if you search using a different term, say ‘United Nations’, you'll get real, normal results.
“In other words, blackhat SEOs are seeding illegitimate search results within the Microsoft search results. Pretty tricky and impressive. There are a number of ways this could be done (for example, using the ability on the site to direct to Twitter a search result). Confused? You don't need to be. Just know that inevitably, these types of things can lead to malware.”
He revealed that the culprit was Zugo, a Bing-branded search toolbar with a history of being installed through exploits and other misleading/deceptive means. “It's a rather poetic twist of irony (unrelated to the search story here), that Zugo is a Microsoft Bing partner. At any rate, let's hope this all gets cleaned up soon,” he said.
In a follow-up blog post a few hours later, Eckelberry said that the search option was no longer available on the Microsoft Safety and Security Center, while the searches themselves were still live.
Eckelberry said: “Nevertheless, I have every reason to believe that Microsoft will sort this out fast. My personal experiences with their malware research and security teams have always been positive and I am certain they will get this issue resolved rapidly.”