Your Health And Tech Friend

 

 

(Please click red arrow to see full text and site)

... IP Is Mapped...
Don't Drink And Drive
Text Responsibly - Save A Life
... Wary Of The First Link ...

"It's time," I thought to myself this morning, "to upgrade to Internet Explorer 9."

To find out where to get it from, I Bing!ed "IE9".

As avid readers of Naked Security, we all know that bad guys are experts at search engine optimization. Tailoring page content to appear as highly-ranked results to trending search terms is an often-exploited way to ensnare unsuspecting victims.

So I was immediately wary of the first link on the page:

IE 9 search results on Bing

It rang all the bells for me.

Dong: my search term "IE9" is definitely a high-profile topic right now.

Ding: the link was to a domain that looked like it had been made up in an attempt to look genuine.

Bong: there was a much more official-looking link immediately underneath it.

Bing: it was offering an 'enhanced' IE9 - a blatant tactic to make me click it in preference to the boring, ordinary IE9 link below.

But still, I wondered how something linking to a fake Microsoft product download could have become a sponsored link on Microsoft's own search engine. I resolved to dig deeper.

IE 9 download page

The page immediately required me to download a new version of Flash. This didn't inspire confidence! However, the download link pointed back to a more recognizable Microsoft domain. Maybe it was genuine?

IE 9 download dialog

A whois search revealed that the domain ie9enhanced.com is in fact registered to Microsoft, and that the DNS records point to Microsoft's own DNS server. In short, all the real evidence suggests that this really is a Microsoft microsite, designed to use the launch of IE9 to promote MSN and Bing as well. So no problems, then?

Well, not entirely. If you get a page full of results from a reputable search engine, you can be pretty sure that if you pick a URL from a recognized domain you'll end up on the right site. But domain lookalikes and typo squatting mean that you always have to be on your guard, particularly when links lead to file downloads.

The brief lines of text provided in search engine results make it hard enough for us to identify good sites from bad ones. When special-purpose domains for campaign microsites appear, it becomes even more confusing. At best, people might ignore the microsite domain, keeping themselves safe but making the marketing dollars a waste. At worst, the protection and reputation offered by use of known domains is lost and people end up infected the next time they follow an unknown domain.

Of course, Microsoft aren't alone in this - even Sophos has done it in the past - but maybe it's time marketers thought again about the real value of using cute campaign domain names. They're great when using other media to communicate a memorable web site address. They're not so great when they start to appear in search engine results.
.....

 

(Please click red arrow to access full text and site)


spruce tree
only search Your Health And Tech Friend
Create a web page in minutes!
Page One
Next Page
"...around 1996, many savvy entrepreneurs jumped on the internet bandwagon and set out to make their millions. Back then, all you had to do was select a good domain name, choose a niche, set up your site with merchant payment facilities and viola! You're earning a fortune. There were very few that knew how to set up a good website back then, ..."  (this article below)
"Tailoring page content to appear as highly-ranked results to trending search terms is an often-exploited way to ensnare unsuspecting victims.

So I was immediately wary of the first link on the page:

IE 9 search results on Bing

It rang all the bells for me.

Dong: my search term "IE9" is definitely a high-profile topic right now. ..." this article below.

"...Many people prefer to get their domain and hosting from separate companies, This is not abnormal at all. Um, you should always know what your domain is! More importantly, your domain and hosting accounts even if they are different companies should be registered in YOUR name not your web master or consultant's name.." ....read more...
 
 
 
 
 
 
 
 


ble>