Criminals Exploit Google Adwords, Redirect Users to Malicious Sites

At EPL (Exploit Prevention Labs), maker of security software, researchers have found strong evidence that online criminals are exploiting Google Adwords for contaminating unwary users' machines with malicious software. The ads purporting to be for legitimate organizations such as The BBB (Better Business Bureau), redirect innocent users to harmful sites that try to install malware. Roger Thompson, CTO of EPL posted his findings on April 24, 2007 in his blog at http://explabs.blogspot.com/2007/04/google-sponsored-links-not-safe.html.

Explaining the trick, Thompson said that a person who entered "Better Business Bureau" in a Google search during the period April 10-April 25, 2007 would have one in three possibilities of a top-sponsored link that would read www.bbb.org just as the actual search hit. On clicking the link, the person would even get the normal BBB site.

But the attack happens before going to the bbb.org site, where the surfer passes through a malicious site without knowing about it because the site does not appear on the browser. This site attempts to exploit a security hole in Internet Explorer. The malicious site redirects the surfer much before time. A Google sponsored link does not show the intended destination URL, unlike a real search result.

EPL came to know about this attack on 10 April 2007. An individual using EPL's surfing software "LinkScanner Pro-Safe" was running a search on Google for "how to launch a business". The top-sponsored links that appeared in the search hits apparently came from AllBusiness.com, an established business. But the hyperlink directed the user to a site, also a malicious one as it tried to load a 'password stealing' keylogger on his PC.

Thompson's team came to know that on 2/3 April this year, a disrepute organization registered a domain called smarttracker.org. By the 10th, the organization created an account on Google Adwords and acquired campaigns to sponsor different search phrases. While all the ads showed up trusted hyperlinks, yet clicking on any of them landed the user at smarttracker.org on the way to the user's intended destination.

Google has invalidated the offending smarttracker.org account. But Thompson thinks other such accounts may continue to stay considering the successful running of smarttracker.org.

Related article: Criminals Hack With More Evil Tactics

» SPAMfighter News - 5/2/2007