Google Video searches lead to malicious site

Share this article:
Cybercriminals have begun using Google Video to deliver victims to their doorstep.

About 400,000 search queries on the popular video search site recently redirected to a malicious website that leads to malware download and execution, Jamz Yaneza, threat resesearch manager at Trend Micro, told SCMagazineUS.com on Monday.

The threat first was detected last week, according to Google, and appears to have been halted, researchers said.

During the attack, cybercriminals utilized search engine optimization (SEO) tactics to make their poisoned search results appear at the top of the list for certain queries, Yaneza said. Users were tricked into visiting the malicious websites, believing that the top search results were reliable.

When users followed one of the fake video searches, they were redirected to a spoofed video streaming website and were prompted to download and install an Adobe Flash Player update to view the videos, Yaneza said. That download was really a new worm -- detected as WORM_AQPLAY.A -- which spreads through shared network drives and removable media devices when autorun is enabled.

Users were only prompted to download the worm if they were referred to the site from Google Video. So, if a user went straight to the bad site by typing the URL in his or her browser, they were not delivered the exploit because they were not referred there from Google.

This makes the exploit more difficult to detect because the malware writers are weeding out those who are not genuine victims, such as researchers, Roger Thompson, chief research officer at AVG, told SCMagazineUS.com Monday.

He said the crooks appear to be operating out of Russia or Ukraine and are well versed in similar internet attacks.

“We have not seen this particular trick before but we have seen this gang plenty of times,” Thompson said.

A Google spokesman told SCMagazineUS.com on Monday that it has taken steps to prevent future attacks of this nature.

"Google works hard to protect our users from malware, and using Google Video, or any Google product, to serve or host malware is a violation of our product policies," he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.