Printed from www.pcpro.co.uk
Hackers turn to search engine sponsored links
Posted on 30 Apr 2007 at 12:59
According to security researchers, cyber criminals are using Google Adwords to infect unsuspecting users.
According to security software developer Exploit Prevention Labs's team of researchers, malware is being distributed under the guise of adverts for legitimate, trusted organisations. Instead of connecting to these legitimate sites, users are redirected to malicious sites that attempt to install exploits and other malware.
'We've been watching an interesting puzzle for a couple of weeks now, and last night the last couple of pieces fell into place,' said Roger Thompson, chief technical officer at Exploit Prevention Labs. 'Since 10 April, our community intelligence network has been finding exploit detections seemingly at household name sites like the Better Business Bureau and cars.com, but they are actually coming from a place called smarttrack.org masquerading as one of the legit sites.'
He said that researchers at the company discovered that one of these rogue links was the number one sponsored link when people entered the phrase BetterBusinessBureau into Google - (link see the case study here).
While users eventually get directed to the legitimate site, it takes the unwary user through smarttrack.org, which uses a modified MDAC exploit to try to install a backdoor and a post-logger on the user's system. 'The post-logger is specifically targeting about 100 banks from around the world, by injecting extra html into those banks response pages, to try to coax extra information out of the victim,' said Thompson.
He said that while links to malware sites are nothing new, it does highlight a significant issue. While passing the mouse arrow over a normal result shows the URL a user is about to click on, no URL preview is shown on sponsored links.
'This means that a user has no clue where she is about to navigate to,' said Thompson. 'Savvy search engine users will know that often these sponsored links will take you through a "Click-manager" or other advertising service and so seeing your browser pass through smarttrack.org will appear benign enough.'
He said that Google has since terminated that particular Adwords account but the researchers have found another 20 different search strings that resulted in links to smarttrack.org. 'It is not yet clear if all the links have been cleared up,' he said.
Author: Rene Millman
advertisement
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- Do I like Windows 7 because it's so like a Mac?
- No Windows 7 drivers turn Dell M1330 into a doorstop
- Is Windows 7 good looking enough to sway an Apple fan?
- Typekit brings print-like typography to the web
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
- Building a better Google
- Beware HP's horrendous printer-driver glitch
- Microsoft debuts free Morro antivirus package
- Getting started with Search Server 2008 Express
advertisement
