Using Google Search to Find Software Can Be Risky

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
8,618
Reaction score
6,982
Credits
57,923
January 25, 2024
Google
continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to create and enforce their abuse policies. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago.

But cybercrooks are constantly figuring out ingenious ways to fly beneath Google’s anti-abuse radar, and new examples of bad ads leading to malware are still too common.

For example, a Google search earlier this week for the free graphic design program FreeCAD produced the following result, which shows that a “Sponsored” ad at the top of the search results is advertising the software available from freecad-us[.]org. Although this website claims to be the official FreeCAD website, that honor belongs to the result directly below — the legitimate freecad.org.

freecadad.png


How do we know freecad-us[.]org is malicious? A review at DomainTools.com show this domain is the newest (registered Jan. 19, 2024) of more than 200 domains at the Internet address 93.190.143[.]252 that are confusingly similar to popular software titles, including dashlane-project[.]com, filezillasoft[.]com, keepermanager[.]com, and libreofficeproject[.]com.

Some of the domains at this Netherlands host appear to be little more than software review websites that steal content from established information sources in the IT world, including Gartner, PCWorld, Slashdot and TechRadar.

READ MORE
 


Just like there is well known "deep fake news", methods to identify and reveal fake news, so will google develop some sort of "deep fake ads" to combat bad guys lol
 
This is not a matter that I would criticize Google for, is too big to manage we all know that. But if you can avoid using Google it's a good thing for you for numerous other reasons

For software use primarily the repositories of your distribution, if you use Windows I can't care less for you
 
For software use primarily the repositories of your distribution
And there it is in a nutshell !!

Use the repositories, .... and the chances of encountering drama virtually fade to nothing
 
I do not any longer trust Google as a web browser. My default is now DuckDuckGo.
Always,
Wildman

Exactly...been using DuckDuckGo myself.
m1212.gif
 
DDG browser....not available for Linux.....Yet.
 
I have been using Linux since 2017 and using DDG web browser since then so I don't understand what you are saying.
Always,
Wildman
There is a difference between the duckduckgo browser, and the duckduckgo search facility which can be added into one's existing browser. As yet, duckduckgo have browsers for other OS's, but not linux.
 
There is for Android. Don't see a version for Linux.
I just wanted to test it with ''cover your tracks'' out of curiosity, not that I would ever use that even if it had good results. If I remember well not far back they were selling data to MS
 
Last edited:
I'm still in the process of moving over to Linux Mint from Windows and familiarizing myself with all the new things to play with. I don't know how helpful this might be with Linux...

As a soon to be former slave to the Giant, I never, ever download ANYTHING without:

Searching the internet to find out if the application itself is safe, Trust Pilot, publications I trust, forums I trust that mainly address Windows users, YouTube channels I trust. If I can't find anything about that free software on any of these platforms, I don't download it.

I NEVER download from a link. I download from the site AFTER I verify the authenticity of the website or I download from Souceforge or CNet

I DON'T USE GOOGLE, not their search engine, not their browser. I use Firefox and Duck Duck Go. I don't use the default settings in Firefox.

Finally, and this I'm pretty sure isn't relevant in Linux, my security software scans the download.

I even researched the legitimacy of this site and the site to download Linux Mint!
 
I didn't know this about CNet. Thanks! Now I know why CNets review of freeware is often so different from that of the users.
 
They very likely don't pack malware but problem is that there is so much software out there and if you want to be sure you getting the right thing then you want to visit publisher site directly.

For testing purposes I've downloaded 7-zip from CNet and noticed the download is way out of date compared to publisher site,
while checksums match the sole fact that program is out of date bring other security concerns such as introducing known bugs into your system which can then be exploited.
 
My theory is if APT can't find it it's not worth having.

Any time you go outside of your distribution's repo's it's risky. If you do manage to compile from src you may not be able to update or upgrade the software so there's that.

Start Page is a good alternative to Google.

I've been using it for a while now and I haven't had any issue's.
 

Members online


Top