Bing ad serves malware to would-be Google Chrome switchers
Source: Ed Bott
The criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.
Update: The same gang is responsible for a wave of new ads that lead to malware. See Bing ad leads to more malware; new Mac Trojan in the wild.
Can you trust your favorite search engine? Don’t answer too quickly.
Earlier this year, Google was under siege by a gang of Russian criminals. The bad guys hijacked search results (especially for images) and used scripts to redirect Windows and Mac users to sites that tried to scare them into installing fake antivirus software.
Google eventually cleaned up the mess, and Russian authorities helped their cause immensely by arresting the ringleader.
But that doesn’t mean it’s safe to relax yet. This week I’m watching a new wave of attacks that are using web advertising and social engineering to deliver Windows-based malware. The payload looks like legitimate software, but it’s actually a malicious downloader .
Today’s example is from Bing, which may have a fraction of Google’s search traffic but still has attracted the attention of cybercriminals.
Earlier today I visited Bing and searched for google chrome. The results were accompanied by a handful of ads in prominent positions at the top and along the right side. Nothing unusual about that, except for two nearly identical ads that appeared side-by-side at the top of the list. Here’s what they looked like (I’ve obscured the URL names to make the test tougher).
| }
|