Security experts claim to have uncovered "hard evidence" that cyber-criminals are using Google's AdWords to infect unsuspecting users with malware. Under the guise of ads for trusted organisations, unsuspecting users are instead redirected to malicious sites that attempt to install exploits and other malware, according to Exploit Prevention Labs (EPL). Roger Thompson, chief technology officer at EPL, said in a blog posting that he first learned of the attack vector on 10 April. A user of the EPL's LinkScanner Pro safe surfing software ran a Google search on the phrase 'how to start a business'.
The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legitimate company, yet the hyperlink actually led to a site that attempted to install a password-stealing key-logger on the user's PC. Thompson's team discovered that an organisation had registered the domain name smarttracker.org on 2 or 3 April. By 10 April, the organisation had opened a Google AdWords account and purchased campaigns for various search terms
View: The full story
News source: vnunet