Experts at security software developer Exploit Prevention Labs have discovered definite confirmation about the fact that cybercriminals are using Google AdWords to infect unsuspecting users with malware. Under the pretext of ads for legitimate, trusted organizations like The Better Business Bureau, unsuspecting users are in place redirected to malicious sites that attempt to install exploits and other malware.
Security veteran and Exploit Prevention Labs’ CTO Roger Thompson reported his findings yesterday on his blog on Wednesday.
Exploit Prevention Labs became aware of this new attack vector for the very first time on April 10, when a user of the company’s LinkScanner Pro safe surfing software ran a Google search on the phrase “how to start a business.” The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legal business, yet the hyperlink actually led to a site that attempted to install a password-stealing keylogger on the user’s PC. LinkScanner Pro blocked the threat and automatically reported the discovery back to Exploit Prevention Labs researchers, who launched an immediate investigation.
Thompson’s team found that, on April 2 or 3, an organization badly popular, registered the domain name Smarttracker.org. By April 10, the organization had opened a Google AdWords account and bought campaigns for various search terms. Even though each of the ads displayed a trusted hyperlink, clicking on the link redirected the user to smarttracker.org before sending them on to their intended destination.
While the search giant has stopped this particular offending account, the revelation stresses problems facing all sponsored search vendors – how to determine the how legal an individual advertiser is, and how to find out whether a redirected link is being used lawfully.