‘G’ is for ‘Google’, not ‘Guaranteed safe’
By George Gardner
A simple Google search may not always return peaches n’ cream; in fact, clicking one of Google’s own sponsored ads can result in malicious code being installed on your machine and your e-mail and bank account passwords being stolen, according to a recent heads-up on the Exploit Prevention Labs Blog.
The scary part is that most of the time you won’t know anything bad has happened until it’s too late. Google searches for ‘Better Business Bureau’ or ‘modern car airbags required’ turned up sponsored results that led to a malicious website, smarttrack.org (please do not go there).
Except smarttrack.org was not shown as the destination URL; instead it was masked with a legitimate-looking display URL. Worse, hovering your mouse over the link did not reveal the real destination either, because Google’s sponsored results do not display URL previews.
We can all understand the complexity of the Google system; it is a vast world with many links. For that, we’ll give them leniency. But its own sponsored results? C’mon Google, you can do better than that.
The screen capture above shows the #1 sponsored result for the search term ‘betterbusinessbureau.’ Looks harmless, right?
Except that after the link is clicked, the browser is sent through smarttrack.org, which uses a browser exploit to install a backdoor and a post logger on your computer. From that point on, every username and password you type into a web form can be read by the attackers in plain text, even on sites that use SSL, because the logger captures the form data inside the browser before it is encrypted.
A final redirect to bbb.org makes everything appear normal; you wouldn’t know anything had happened. From the user’s perspective, they clicked the #1 Google sponsored result and were taken to the site they expected.
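The redirect chain described above is exactly what you cannot see from the ad itself, but it can be traced without rendering any page: request only headers, refuse to follow redirects automatically, and record every host visited. The script below is an added example for this post, not code from the post or from Exploit Prevention Labs. The hostnames smarttrack.org and bbb.org come from the article; the ad-network click URL (ads.example.invalid) and the HTTP exchange in CONSTRUCTED_CHAIN are made up to mirror the behaviour the article describes.

```python
"""Trace where an ad click really goes, hop by hop, without rendering a page.

Added example for this post; it is not code from the post or from Exploit
Prevention Labs. The hostnames smarttrack.org and bbb.org come from the
article. The ad-network click URL and the HTTP exchange in CONSTRUCTED_CHAIN
are made up to mirror the behaviour the article describes.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10


def registrable_host(url):
    """Lower-cased hostname with any leading 'www.' dropped.

    Accepts a bare domain such as 'bbb.org' as well as a full URL.
    """
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface every 3xx instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch(url, timeout=10):
    """HEAD one URL and return (status, Location header or None).

    Only headers are requested and no page content is executed, but the
    remote hosts are still contacted, so run this from a throwaway VM.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # raised for the unfollowed 3xx
        return err.code, err.headers.get("Location")


def trace_redirects(url, fetch, max_hops=MAX_HOPS):
    """Follow Location headers manually; return (hops, final_status)."""
    hops = [url]
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return hops, status
        url = urljoin(url, location)  # Location may be relative
        hops.append(url)
    raise RuntimeError("redirect chain longer than %d hops" % max_hops)


def audit_ad_link(display_url, click_url, fetch=live_fetch):
    """Compare the advertised destination with the hosts actually visited.

    Any hop whose host is neither the ad network (first hop) nor the displayed
    domain is a detour, even when the chain ends on the advertised site.
    """
    hops, final_status = trace_redirects(click_url, fetch)
    expected = registrable_host(display_url)
    ad_network = registrable_host(click_url)
    detours = [h for h in hops[1:]
               if registrable_host(h) not in (expected, ad_network)]
    return {
        "hops": hops,
        "final_status": final_status,
        "lands_on_displayed_site": registrable_host(hops[-1]) == expected,
        "detours": detours,
    }


# Constructed exchange: ad click -> smarttrack.org -> bbb.org, as in the post.
# 'ads.example.invalid' is an assumed stand-in for the ad network's click host.
CONSTRUCTED_CHAIN = {
    "http://ads.example.invalid/click?id=123": (302, "http://smarttrack.org/go/bbb"),
    "http://smarttrack.org/go/bbb": (302, "http://www.bbb.org/"),
    "http://www.bbb.org/": (200, None),
}


def constructed_fetch(url):
    """Offline stand-in for live_fetch that serves CONSTRUCTED_CHAIN."""
    return CONSTRUCTED_CHAIN.get(url, (404, None))


if __name__ == "__main__":
    report = audit_ad_link("bbb.org", "http://ads.example.invalid/click?id=123",
                           constructed_fetch)
    for hop in report["hops"]:
        print("  ->", hop)
    print("ends on displayed site:", report["lands_on_displayed_site"])
    print("detours through:", report["detours"])
```

Against the constructed chain the report says the click does end on bbb.org, which is why the victim sees nothing wrong, while the detour list still names smarttrack.org. To check a real ad, pass `live_fetch` instead of `constructed_fetch`, and do it from a disposable machine: a HEAD request executes nothing, but it still announces your address to every host in the chain. One caveat: a redirect done with JavaScript or a meta refresh never appears in a header-only trace, so a clean report from this script is not proof that the landing page is clean.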
Fortunately, Exploit Prevention Labs offers a solution to this problem in its software, LinkScanner, which is ultimately how this exploit was discovered in the first place. Within a matter of days, Exploit Prevention Labs found 20 different search strings whose sponsored results linked to the malicious website.
Google has since terminated the smarttrack.org advertiser account, but the incident leaves questions as to how something like this could happen in the first place. Most importantly, how many more sites are manipulating Google’s advertising service? Does Google screen its paid sponsors, or is it concerned simply with making money?