Cyber-crooks subvert Google AdWords

By on
Cyber-crooks subvert Google AdWords

Experts unveil 'hard evidence' of fraud.

Security experts claim to have uncovered "hard evidence" that cyber-criminals are using Google's AdWords to infect unsuspecting users with malware.

Under the guise of ads for trusted organisations, unsuspecting users are instead redirected to malicious sites that attempt to install exploits and other malware, according to Exploit Prevention Labs (EPL). 

Roger Thompson, chief technology officer at EPL, said in a blog posting that he first learned of the attack vector on 10 April. 

A user of the EPL's LinkScanner Pro safe surfing software ran a Google search on the phrase 'how to start a business'.

The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legitimate company, yet the hyperlink actually led to a site that attempted to install a password-stealing key-logger on the user's PC.

Thompson's team discovered that an organisation had registered the domain name smarttracker.org on 2 or 3 April. By 10 April, the organisation had opened a Google AdWords account and purchased campaigns for various search terms.

Although each of the ads displayed a trusted hyperlink, clicking on the link redirected the user to smarttracker.org before sending them on to their intended destination.

"Although Google has terminated this particular offending account, the discovery highlights problems facing all sponsored search vendors: how to determine the legitimacy of any individual advertiser, and whether a redirected link is being used legitimately," EPL stated.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
adwordscybercrooksgooglesecuritysubvert

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets

Log In

  |  Forgot your password?