We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google stomps on AdWords exploit

Hackers attack systems via advertising links

Google has rooted out a scam that delivered malware via the search engine's AdWords advertising system, and even added extra sections to specific banking sites to gather additional information.

The scam was a particularly dangerous example of a trend that has become a significant problem for search engines such as Yahoo and Google with hackers using search engine results and advertising links to attack users' systems.

This particular attack also took a page out of the phishers' book by impersonating well-known brands such as the Better Business Bureau, according to Exploit Prevention Labs, which said it had been monitoring the attack since 10 April until Google shut it down two weeks later.

"This is an issue we've taken very seriously and will continue to monitor," said a Google spokeswoman. "We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts."

The links in question turned up in response to searches such as Better Business Bureau - for which the malicious link was the top sponsored link, according to Exploit Prevention Labs. Other searches affected included 'Florida Business Opportunity Law' or 'Modern cars airbags required'.

Google has terminated the account behind the attack. Exploit Prevention Labs said it had detected about 20 different search strings that resulted in links to smarttrack.org.

The Better Business Bureau link did, in fact, lead to the BBB's website, but only after passing through a seemingly harmless site called smarttrack.org. This site used a modified MDAC exploit to attempt to install a backdoor and a post-logger on to the user's system, Exploit Prevention Labs said.

The post-logger targeted about 100 banks by injecting extra html into those banks' response pages to get users to enter extra information. It also logged all user IDs and passwords.

"Because the post logger is a browser helper object, it is part of the end-point of any SSL transaction, and can see everything in plain text, instead of encrypted," said Exploit Prevention Labs chief technical officer Roger Thompson on the company's blog.

He said the exploit highlights a significant issue in that, unlike with organic search results, sponsored results don't display a preview of where the link is leading.

"This means that a user has no clue where she is about to navigate to. Savvy search engine users will know that often these sponsored links will take you through a 'Click-manager' or other advertising service and so seeing your browser pass through smarttrack.org will appear benign enough," he wrote.

Aside from malware infesting their advertising systems and search results, search engines such as Yahoo and Google also have to deal with click fraud, a growing problem where companies try to drive up their competitors' advertising costs by generating fake ad click-throughs.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...