“It’s time,” I thought to myself this morning, “to upgrade to Internet Explorer 9.”
To find out where to get it from, I Bing!ed “IE9”.
As avid readers of Naked Security, we all know that bad guys are experts at search engine optimization. Tailoring page content to appear as highly-ranked results to trending search terms is an often-exploited way to ensnare unsuspecting victims.
So I was immediately wary of the first link on the page:
It rang all the bells for me.
Dong: my search term “IE9” is definitely a high-profile topic right now.
Ding: the link was to a domain that looked like it had been made up in an attempt to look genuine.
Bong: there was a much more official-looking link immediately underneath it.
Bing: it was offering an ‘enhanced’ IE9 – a blatant tactic to make me click it in preference to the boring, ordinary IE9 link below.
But still, I wondered how something linking to a fake Microsoft product download could have become a sponsored link on Microsoft’s own search engine. I resolved to dig deeper.
The page immediately required me to download a new version of Flash. This didn’t inspire confidence! However, the download link pointed back to a more recognizable Microsoft domain. Maybe it was genuine?
A whois search revealed that the domain ie9enhanced.com is in fact registered to Microsoft, and that the DNS records point to Microsoft’s own DNS server. In short, all the real evidence suggests that this really is a Microsoft microsite, designed to use the launch of IE9 to promote MSN and Bing as well. So no problems, then?
Well, not entirely. If you get a page full of results from a reputable search engine, you can be pretty sure that if you pick a URL from a recognized domain you’ll end up on the right site. But domain lookalikes and typo squatting mean that you always have to be on your guard, particularly when links lead to file downloads.
The brief lines of text provided in search engine results make it hard enough for us to identify good sites from bad ones. When special-purpose domains for campaign microsites appear, it becomes even more confusing. At best, people might ignore the microsite domain, keeping themselves safe but making the marketing dollars a waste. At worst, the protection and reputation offered by use of known domains is lost and people end up infected the next time they follow an unknown domain.
Of course, Microsoft aren’t alone in this – even Sophos has done it in the past – but maybe it’s time marketers thought again about the real value of using cute campaign domain names. They’re great when using other media to communicate a memorable web site address. They’re not so great when they start to appear in search engine results.