
Thread: Booby Traps Hide in Google Sponsored Links

  1. #1
    Join Date
    Jun 2006

    Default Booby Traps Hide in Google Sponsored Links

    Roger Thompson of Exploit Security Labs posted today about finding poisoned Google sponsored links that surreptitiously direct searchers through malicious sites that attempt to surreptitiously install malware on your PC.
    According to Thompson, if you ran a Google search for "BetterBusinessBureau" from April 10 through about 11am EST this morning, you'd have stood a one in three chance of seeing a top sponsored link with green link text that read - just like the real search result. If you clicked that sponsored link, you'd even end up at the regular BBB site as per normal.
    But before you got to the site, you'd invisibly pass through a malicious site that would try to exploit an Internet Explorer browser hole. The site wouldn't have shown up in your browser, and you wouldn't have had any way of knowing about the redirection ahead of time. Unlike with real search results, you don't see the destination URL if you pass your mouse over a Google sponsored link.
    Our colleagues over at InfoWorld have some more background on this in a story called: Experts: Google Doesn't Police Advertisers.

    You'd have had no idea that you passed through the poisoned site on your way to the BBB - or that if your PC lacked a critical security patch, the site would have surreptitiously downloaded malware onto your computer meant to steal banking credentials. (When Thompson e-mailed a sample to me, my antivirus identified it as Infostealer.Bancos and deleted it from my e-mail.)
    I haven't yet heard back from Google to see if they can verify these attacks, but Thompson has screen shots with results from his LinkScanner browser add-on that appear to identify the malicious links.
    When I talked with Thompson, he said the attacks attempted to hit an old, but still commonly attacked Windows MDAC vulnerability in Windows XP and Windows Server 2003. So if you were smart enough to keep your system patched you'd have been safe from these particular exploits.
    But it looks like the framework is still in place for other Internet criminals to come along and pay for a similar sponsored link for other search results. It's not unusual to redirect through an advertising service site that records your passing for legit sponsored links, Thompson says. When I just checked, also hides the URL for sponsored links, while Yahoo and MSN display what looks like redirection links at and
    Also, a subdirectory of the malicious redirection site used in the Google attacks still appears to host the MDAC exploit.
    I'd love to hear from Google whether they screen purchasers of sponsored links or the redirection URLs they use. I hope so, since after this and the MySpace malicious banner ad fiasco from last year, online crooks now seem to happily use ads as an attack vector.

    In the meantime, you can use XPL's LinkScanner and McAfee's SiteAdvisor, both available in free versions, to give you some advance warning about dangerous search results.


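The redirect chain described in the article above can be audited from a recorded click. This is an added example, not part of the original post or of any tool it names: the hostnames, the recorded chains and the `audit_chain` helper are constructed for illustration, and it assumes the hops were plain HTTP redirects captured by a proxy or crawler.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def site(url):
    """Crude site key: last two host labels (assumption; a real tool
    would use the Public Suffix List)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def audit_chain(responses, displayed_url, allowed_sites):
    """responses: ordered (url, status, location) tuples recorded for one ad click.
    Flags every intermediate site that is neither the advertised site
    nor a known ad/tracking site, even when the click lands correctly."""
    expected = {site(displayed_url)} | set(allowed_sites)
    hops, unexpected = [], []
    for i, (url, status, location) in enumerate(responses):
        hops.append(url)
        if i < len(responses) - 1:
            # Every hop except the last must redirect to the next recorded URL.
            if status not in REDIRECT_CODES or not location:
                raise ValueError(f"hop {i} does not redirect but the chain continues")
            if urljoin(url, location) != responses[i + 1][0]:
                raise ValueError(f"hop {i} Location does not match the next hop")
        if site(url) not in expected and site(url) not in unexpected:
            unexpected.append(site(url))
    return {
        "hops": hops,
        "lands_on_displayed_site": site(hops[-1]) == site(displayed_url),
        "unexpected_sites": unexpected,
    }

# Constructed sample data: the ad shows www.bbb.example and the click does end there.
POISONED = [
    ("https://ads.search.example/click?id=1", 302, "http://go.unknown-host.example/r?x=1"),
    ("http://go.unknown-host.example/r?x=1", 302, "http://www.bbb.example/"),
    ("http://www.bbb.example/", 200, None),
]
CLEAN = [
    ("https://ads.search.example/click?id=2", 302, "/out?to=bbb"),
    ("https://ads.search.example/out?to=bbb", 302, "http://www.bbb.example/"),
    ("http://www.bbb.example/", 200, None),
]

if __name__ == "__main__":
    for name, chain in (("poisoned", POISONED), ("clean", CLEAN)):
        print(name, audit_chain(chain, "http://www.bbb.example/", {"search.example"}))
```

Checking only the landing page passes both chains; the intermediate-site check is what separates them.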

  2. #2
    Join Date
    Feb 2007

    Thumbs up Re: Booby Traps Hide in Google Sponsored Links

    Interesting article, thanks. Will pass this on to a friend who had details stolen recently & couldn't work out how it was done.

    Personally I completely avoid it....Linux & Firefox ;)

  3. #3
    Join Date
    Aug 2007

    Default Re: Booby Traps Hide in Google Sponsored Links

    No way??? Although I keep my computer updated, I am never clicking on a Google ad ever again!


  4. #4
    Join Date
    Jun 2007

    Default Re: Booby Traps Hide in Google Sponsored Links

    Thanks Ladyeye, is there nothing these scumbags will stop at? I guess not where money is concerned. The internet makes Dodge City look like a nunnery. LOL

  5. #5
    Join Date
    Mar 2006

    Lightbulb Re: Booby Traps Hide in Google Sponsored Links

    Unlike other Anti-Virus or Internet Security utilities, CA Anti-Virus 2008 includes Website Verification tools and Link Validators as standard to protect from re-directs and ghosted applications.

    VISTA once proclaimed it would have such protection included, but don't count on it. Same thing for the VeriSign and Yahoo's "validated link" programs and how they tried to get all the browsers to adopt the practice (they discovered they would effectively limit their advertiser pool by about 30% if they implemented such a plan and departed from their hands-off "surfer beware" position). It's all about the money, unfortunately, and Google is the worst offender of all time.

    Download a FreeTrial of CA Anti-Virus 2008 Here
