Google advert exploit attack analysed
Video demonstrates malware infiltration via ads for legitimate sites.
Details continue to emerge of a serious attack using the Google Adwords advertising system to lure
unsuspecting victims to malicious exploit sites. Links placed in advertising accompanying Google search
results ended up at the proper, legitimate sites of the organisations being advertised, including the
Better Business Bureau, but got there via sites which used exploits to initiate drive-by downloads of
backdoor and data-gathering malware.
Analysis of the attack, released last week by Exploit Prevention Labs, shows how the lack of mouse-over
details of sponsored links carried by Google hid the redirection, and how MDAC vulnerabilities were used
to gain remote access to vulnerable systems led through the malicious pages. As well as backdoor trojans for
remote control of victims, other malware designed to gather sensitive online banking details for a wide range
of banking services was deployed.
Google has since shut down the suspect advertising accounts, preventing further misdirections, but no
information is yet available as to how many people were affected by the attack.
A release from Exploit Prevention Labs, including links to a YouTube video demonstrating the attack
in progress, is here, with more technical
detail in a blog entry here.
Commentary from McAfee is here.
01 May 2007
Tags:
advertising, exploit, google.
del.icio.us 
digg this
