At the end of my post Google and the Drive-by Download, I wondered how prevalent such query results were.
This is an attempt to answer this question.
Here’s a Perl script that will execute Google queries and look for suspect URLs in the first page with a regular expression (remember, suspect URLs are of the form 123.1a2b3c.info). If you want to use the script on your Windows machine and don’t have a Perl interpreter, you can use ActiveState’s free ActivePerl.
Since I have no list of common Google queries used here in Belgium, I included a simple algorithm in my program to generate its own queries. They look like this: name profession. I feed my program with a list of frequently occurring last-names in Belgium and a list of professions you might want to search for (like a plumber).
Here’s the output of my program:

    Suspect queries:
    613.6x2q1y.info http://www.google.be/search?hl=fr&q=Thys+Blanchisseur
    4859.4rhw0hk.info http://www.google.be/search?hl=fr&q=Gerard+Plombier

    Suspect URLs:
    4859.4rhw0hk.info
    613.6x2q1y.info

    2 suspect queries out of 2322 queries (0.0861326442721792%).

About 1 out of 1000 queries (looking for a profession) lists a drive-by download site on the first result page. That’s not too bad, but still a surprising result to me.
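
The survey logic described above, as an added Python example (not the Perl script from this post). The regular expression is an assumed reading of the 123.1a2b3c.info form, the `fetch` hook is hypothetical, and the result pages are constructed samples so the code runs offline.

```python
import re
from itertools import product
from urllib.parse import urlencode

# Assumed pattern for the "123.1a2b3c.info" shape: numeric label, then a label
# mixing letters and digits, then .info. The post does not show its own regex.
SUSPECT = re.compile(
    r"\b\d+\.(?=[a-z0-9]*\d)(?=[a-z0-9]*[a-z])[a-z0-9]+\.info(?!\.?[\w-])",
    re.IGNORECASE,
)

def build_queries(names, professions):
    """Yield (query, url) for every 'name profession' combination."""
    for name, job in product(names, professions):
        query = f"{name} {job}"
        yield query, "http://www.google.be/search?" + urlencode({"hl": "fr", "q": query})

def survey(names, professions, fetch):
    """Scan one result page per query; fetch(url) returns its HTML (hypothetical hook)."""
    hits, total = {}, 0
    for _query, url in build_queries(names, professions):
        total += 1
        # Lower-case and de-duplicate hostnames found on this result page.
        found = sorted({h.lower() for h in SUSPECT.findall(fetch(url))})
        if found:
            hits[url] = found
    hosts = sorted({h for found in hits.values() for h in found})
    return {"total": total, "hits": hits, "hosts": hosts,
            "percent": 100.0 * len(hits) / total if total else 0.0}

# Constructed result pages standing in for live search responses.
SAMPLE_PAGES = {
    "http://www.google.be/search?hl=fr&q=Thys+Blanchisseur":
        '<a href="http://123.1a2b3c.info/">Blanchisseur</a> <a href="http://www.example.be/">x</a>',
    "http://www.google.be/search?hl=fr&q=Gerard+Plombier":
        '<a href="http://42.Z9Y8X7.info/p">Plombier</a> <a href="http://42.z9y8x7.info/q">y</a>',
    "http://www.google.be/search?hl=fr&q=Thys+Plombier":
        '<a href="http://123.plombier.info/">no digit in 2nd label</a> '
        '<a href="http://7.a1b2.info.example.com/">longer host</a>',
}

def fetch_sample(url):
    return SAMPLE_PAGES.get(url, "<html>no results</html>")

if __name__ == "__main__":
    report = survey(["Thys", "Gerard"], ["Blanchisseur", "Plombier"], fetch_sample)
    for url, found in report["hits"].items():
        print(" ".join(found), url)
    print(f'{len(report["hits"])} suspect queries out of {report["total"]} '
          f'queries ({report["percent"]}%).')
```

The third sample page holds two near misses (a purely alphabetic second label, and a longer hostname that merely contains `.info`), which the pattern deliberately does not flag.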