Roger Thompson, CTO of Exploit Prevention Labs, said in a blog post on Tuesday that his firm has identified exploits posing as legitimate URLs for the Better Business Bureau and cars.com in the "sponsored links" section that appears alongside search results.
Advertisers pay Google for the sponsored links to appear following specific search queries.
Clicking one of the malicious links does take the user to the real website, but along the way the browser is silently redirected through www.smarttrack.org, which hosts a Microsoft Data Access Components (MDAC) exploit that attempts to install a backdoor keylogger, Thompson said.
Cybercrooks then use the customised trojans to pilfer banking information from online customers of about 100 targeted banks around the world, Thompson said. Because the keylogger is delivered as a browser helper object (BHO) running inside the browser itself, it "is part of the endpoint of any SSL transaction and can see everything in plain text, instead of encrypted," he said.
There is little unsuspecting users can do to avoid being duped, Thompson said.
"Lots of links in any search engine point to infective sites, so that’s not really a surprise, but this does highlight a significant issue," he said. "When you move the mouse over a normal, organic search result, Google shows you the URL you are about to navigate to if you click. If, however, you mouse over a sponsored result, no URL preview is shown. This means that a user has no clue where they are about to navigate to."
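The problem Thompson describes is that a sponsored link's final destination can be the legitimate site while an intermediate hop serves the exploit, and the hover preview never reveals that hop. As an added example (not code from the article, from Google or from Exploit Prevention Labs), the Python below follows a link's HTTP redirect chain hop by hop and reports every host in the path that is neither the advertised site nor a known ad-click tracker. The fetcher is injected so the run is fully offline; the ad-click URL, the tracker host ads.example.net and the exact paths are constructed for illustration, with www.smarttrack.org standing in for the intermediary the article names. The hop limit and loop detection are assumptions about how a careful client should behave, not anything the article states.

```python
"""Trace the HTTP redirect chain behind a link before trusting where it lands.

Added example, not code from the article or from Exploit Prevention Labs.
The fetcher is injected so the chain can be simulated offline; all URLs
below are constructed for illustration.
"""
from urllib.parse import urljoin, urlsplit

# Constructed redirect chain (hypothetical URLs): an ad-click tracker, then the
# intermediary host the article names as serving the MDAC exploit, then the
# real site the ad advertised.
SIMULATED_RESPONSES = {
    "http://ads.example.net/click?id=123": (302, "http://www.smarttrack.org/go?u=cars"),
    "http://www.smarttrack.org/go?u=cars": (302, "http://www.cars.com/"),
    "http://www.cars.com/": (200, None),
}


def simulated_fetch(url):
    """Stand-in for an HTTP request; returns (status code, Location header)."""
    return SIMULATED_RESPONSES.get(url, (404, None))


def same_site(host, site):
    """True if host is site itself or a subdomain of it (case-insensitive)."""
    host = (host or "").lower()
    site = site.lower().lstrip(".")
    return host == site or host.endswith("." + site)


def follow_redirects(start_url, fetch=simulated_fetch, max_hops=10):
    """Return every URL visited from start_url, following 3xx Location headers.

    Stops at the first non-redirect response or missing Location header, and
    raises on a loop or on more than max_hops redirects so a hostile
    redirector cannot keep the client bouncing indefinitely (assumed policy).
    """
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if not 300 <= status < 400 or not location:
            return chain
        url = urljoin(url, location)  # Location may be relative to the current URL
        if url in chain:
            raise ValueError("redirect loop at " + url)
        chain.append(url)
    raise ValueError("more than %d redirects from %s" % (max_hops, start_url))


def audit_link(start_url, advertised_site, trusted_sites=(), fetch=simulated_fetch):
    """Resolve the chain and flag hosts that are neither the advertised site
    nor a tracker the caller already trusts. Every flagged host saw the click
    and had a chance to serve content of its own, whatever the final page is."""
    chain = follow_redirects(start_url, fetch)
    allowed = (advertised_site,) + tuple(trusted_sites)
    unexpected = []
    for hop in chain:
        host = urlsplit(hop).hostname
        if not any(same_site(host, s) for s in allowed) and host not in unexpected:
            unexpected.append(host)
    return {
        "chain": chain,
        "lands_on_advertised_site": same_site(urlsplit(chain[-1]).hostname, advertised_site),
        "unexpected_hosts": unexpected,
    }


if __name__ == "__main__":
    report = audit_link("http://ads.example.net/click?id=123", "cars.com",
                        trusted_sites=("ads.example.net",))
    for hop in report["chain"]:
        print(" ->", hop)
    print("lands on advertised site:", report["lands_on_advertised_site"])
    print("unexpected hosts in path:", report["unexpected_hosts"])
```

On the constructed chain the audit reports that the link really does land on cars.com, which is exactly what a user who only checks the final page would see, while still listing www.smarttrack.org as an unexpected host in the path. To use it against live links, replace simulated_fetch with a function that issues a request without following redirects automatically and returns the status and Location header.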
A Google spokesperson could not be reached for comment. But the search giant may have remediated the problem, Thompson said.
Google sponsored advertising links lead to exploits
By Dan Kaplan on Apr 27, 2007 11:12AM