Printed from www.pcpro.co.uk
Hackers turn to search engine sponsored links
Posted on 30 Apr 2007 at 12:59
According to security researchers, cyber criminals are using Google Adwords to infect unsuspecting users.
According to security software developer Exploit Prevention Labs's team of researchers, malware is being distributed under the guise of adverts for legitimate, trusted organisations. Instead of connecting to these legitimate sites, users are redirected to malicious sites that attempt to install exploits and other malware.
'We've been watching an interesting puzzle for a couple of weeks now, and last night the last couple of pieces fell into place,' said Roger Thompson, chief technical officer at Exploit Prevention Labs. 'Since 10 April, our community intelligence network has been finding exploit detections seemingly at household name sites like the Better Business Bureau and cars.com, but they are actually coming from a place called smarttrack.org masquerading as one of the legit sites.'
He said that researchers at the company discovered that one of these rogue links was the number one sponsored link when people entered the phrase BetterBusinessBureau into Google - (link see the case study here).
While users eventually get directed to the legitimate site, it takes the unwary user through smarttrack.org, which uses a modified MDAC exploit to try to install a backdoor and a post-logger on the user's system. 'The post-logger is specifically targeting about 100 banks from around the world, by injecting extra html into those banks response pages, to try to coax extra information out of the victim,' said Thompson.
He said that while links to malware sites are nothing new, it does highlight a significant issue. While passing the mouse arrow over a normal result shows the URL a user is about to click on, no URL preview is shown on sponsored links.
'This means that a user has no clue where she is about to navigate to,' said Thompson. 'Savvy search engine users will know that often these sponsored links will take you through a "Click-manager" or other advertising service and so seeing your browser pass through smarttrack.org will appear benign enough.'
He said that Google has since terminated that particular Adwords account but the researchers have found another 20 different search strings that resulted in links to smarttrack.org. 'It is not yet clear if all the links have been cleared up,' he said.
Author: Rene Millman
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
