Google Ads Lead to Phony Apps
Web security firm Websense is warning that scam artists have hijacked Google's sponsored links to spread rogue anti-virus software. While this type of attack is not new, I was amazed to find how deeply Google's ad program appears to be infested with this crud.
Websense's alert shows how following sponsored links generated by searches for popular software titles may not be such a hot idea. Their investigation of the sites served up at those links took them through what appears to be a long and convoluted effort to trick visitors into installing bogus security software.
Websense discovered the scam after searching for WinRAR, a popular tool used for archiving files and folders. Interestingly, when I searched for WinRAR just a few minutes ago, I found two different sponsored links to sites that offered up a version of the program that came with a malicious keystroke-logging program attached, according to a scan of the downloaded file that I ran at VirusTotal.
I Googled for "Firefox" and found a single sponsored link to the right, which leads to a site that collects your e-mail address, and then on the next page prompts you to pay for the free browser.
Ditto for Adobe's Flash Player, which generated sponsored links that led to:
Which, in turn, leads to a similar payment page:
These scams succeed because people fail to download programs directly from the vendor's site. In the scam Websense highlighted, the perpetrators used a fake Download.com page. This leads me to my second most-uttered tip: If you didn't go looking for it, don't install it. If you did search for it, make sure you're really at the site you think you're visiting. Free tools like Netcraft's anti-phishing toolbar and McAfee's SiteAdvisor make it easy to check this information.
December 16, 2008; 4:53 PM ET
Categories: Fraud , Latest Warnings , Safety Tips , Web Fraud 2.0
Save & Share: Previous: Microsoft: Emergency Patch for IE Flaw Coming Wednesday
Next: CheckFree.com Hijack May Have Affected 160,000 Users
Posted by: email@example.com | December 17, 2008 2:01 AM | Report abuse
Posted by: firstname.lastname@example.org | December 17, 2008 2:06 AM | Report abuse
Posted by: email@example.com | December 17, 2008 2:13 AM | Report abuse
Posted by: Heron | December 17, 2008 1:02 PM | Report abuse
Posted by: BTKrebs | December 17, 2008 3:30 PM | Report abuse
Posted by: Heron | December 17, 2008 3:30 PM | Report abuse
Posted by: firstname.lastname@example.org | December 18, 2008 10:19 PM | Report abuse
Posted by: mmcgrane | December 19, 2008 9:26 AM | Report abuse
Posted by: Heron | December 20, 2008 10:11 AM | Report abuse
The comments to this entry are closed.