In association with heise online

27 April 2007, 14:34

Google's Sponsored Links lead to malicious pages


Google has confirmed an incident in which Sponsored Links and AdWords led to pages that attempted to infect visitors with a password-stealing Trojan via a well-known vulnerability in Internet Explorer 6. Google says it has deleted the AdWords account in question. It is not known how many users have been exposed to infection, but given the unusual nature of the search terms ("BetterBusinessBureau", "Florida Business Opportunity Law", or "Modern cars airbags required"), it is unlikely that many users will have followed the links.

The problem was discovered by security software manufacturer Exploit Prevention Labs, which came across it within the scope of its Community Intelligence Network. Among the AdWords in the returned results from these searches were links apparently leading to the harmless site Unfortunately Google's Sponsored Links do not show their true destination, nor is it indicated in the status bar when mousing over the link, so there was no indication that the link actually led to a different, malicious, site.

Although Google states that it checks Sponsored Links both manually and automatically to see whether they pose a risk for users, it apparently took two weeks in the present case for the link to be removed. Exploit Prevention Labs claims to have detected the link on 10 April, but Google did not remove it until 24 April. The search engine company now plans to take steps to prevent such attacks in future. As a precaution, Google also recommends that users install the free Google Pack containing a virus scanner (Norton Security Scan) and a spyware scanner (Spyware Doctor).

Microsoft has also had to contend with problematic advertising. In February this year banners advertising dubious software were displayed to users of Windows Live Messenger. The banner in the messenger took users to a website of the alleged anti-spyware application SystemDoctor 2006, where misleading information encouraged the download and installation of malicious software. Microsoft apologised for the incident.
