LOS ANGELES — After attackers poisoned search results with links to porn sites over the weekend, Microsoft disabled its search tool on its Safety and Security Center website.
Microsoft restored the website's search field today, later apologizing to users for the gaffe. The Safety and Security Center is a consumer resource site for Windows users, and includes security news and links to tools such as the company's free antivirus software, Security Essentials.
The problem started on Friday when researchers at security vendor GFI discovered that the Safety and Security Center was yielding a host of porn websites after users entered certain keywords into the search bar.
Search results included links to pages offering "you porn," "free porn" videos and "prnhub," GFI wrote in a blog.
"[B]lackhat SEOs are seeding illegitimate search results within the Microsoft search results," said Alex Eckelberry, the general manager of GFI Software's security group and the CEO of Sunbelt Software. "Pretty tricky and impressive. There are a number of ways this could be done — for example, using the ability on the site to Twitter a search result."
Blackhat SEO, or poisoned SEO, is often deployed to capitalize on trending web topics, giving rogue pages top billing in search results.
Eckelberry speculated that the Safety and Security Center site had been saving searches, probably because it allowed users to forward searches to others using Twitter, and that those searches led to destination sites, in this case links to "hardcore, seriously hardcore porn sites."
"They used the site's unique ability to save a search against the site," he said. "This isn't normal search poisoning. It's poisoning the results with actual searches. Users were getting back a prior search as a search result."
On Monday afternoon, Microsoft confirmed the poisoning and apologized for the problem, but it declined to answer questions about how porn had infiltrated the search results.