Monday, 30 April 2007

Spyware Through Google Adverts

Google's AdWords advertisements can infect your PC with spyware. Using a combination of an AdWords account and website redirection, hackers (or whatever you want to call them) can lure unsuspecting users to a fake website that installs spyware on unpatched systems. It then 'immediately' sends the victim's browser to a legitimate site. In reality there is a bit of a delay between visiting the malicious site and being redirected.

The YouTube video below demonstrates this attack and gives a clear explanation of how it works.

On a slightly unrelated note, I am always amazed by the reliance that people put on Google to find sites, especially ones they already know about. For example, I know a guy who visits a few sites regularly but has neither memorised their (easy to remember) URLs nor used his web browser's Favorites feature. Instead he *always* types the site's name into Google and lets the search engine provide a clickable link. This habit means that Google knows which sites he uses all the time. Trusting a third party with your browsing history is not in your best privacy interests.

Habitually clicking on links rather than entering web addresses manually (or via Favorites), makes users more vulnerable to phishing-style attacks. If a victim's system was made to visit a fake Google site (perhaps due to a hacked host file), or bad people managed to get fake sites high up in Google's search results, the search results could take the victim to sites hosting spyware and then redirect him to a legitimate site.

The Google AdWords attack above works mainly because users cannot see the target URL in the browser's status bar until they click on the link. However, my guess is the sort of people who type 'bbc news' every day into Google won't check the URL in the status bar, making them vulnerable to being fooled by false results, which in turn creates a windows of opportunity to install spyware.