Google Images search results may lead to malicious sites
Postings by SANS Internet Storm Center and security specialist Brian Krebs describe how, in recent weeks, both have been receiving many reports that vulnerabilities in Google Images search are being exploited in order to load malicious software onto users' systems. Both sources state that users are being led to fake anti-virus web sites and presented with false security alerts.
The Internet Storm Center gives a detailed description of the exploit: legitimate sites are compromised and scripts are planted on them; these scripts monitor Google Trends for suitable search terms and create fake web pages containing text and images culled from various web sites; these web pages and the images they contain are then be indexed by the Google bots; when a user clicks on a relevant thumbnail in the results of a Google Images search, the exploit will be triggered and the user directed to a fake anti-virus web site. The description concludes with the comment by Bojan Zdrnja that "Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches, however, Google's image search seem to be plagued with malicious links."
According to Krebs, Denis Sinegubko is developing a plug-in for Firefox that will recognise thumbnails that potentially lead to hostile sites in Google Image search results, and highlight them with a red border. Thumbnails that are hot-linked and may be malicious will be highlighted with a pink border. Krebs also quotes a Google source, Jay Nancarrow, as stating that the company is taking "active efforts to improve both the quality of the results and malware detection ... We're improving, as are the people trying to put users at risk, and in the interests of those users it's best if we don't reveal everything that we're doing about this."