Google Video searches lead to malicious site

Share this article:
Cybercriminals have begun using Google Video to deliver victims to their doorstep.

About 400,000 search queries on the popular video search site recently redirected to a malicious website that leads to malware download and execution, Jamz Yaneza, threat resesearch manager at Trend Micro, told SCMagazineUS.com on Monday.

The threat first was detected last week, according to Google, and appears to have been halted, researchers said.

During the attack, cybercriminals utilized search engine optimization (SEO) tactics to make their poisoned search results appear at the top of the list for certain queries, Yaneza said. Users were tricked into visiting the malicious websites, believing that the top search results were reliable.

When users followed one of the fake video searches, they were redirected to a spoofed video streaming website and were prompted to download and install an Adobe Flash Player update to view the videos, Yaneza said. That download was really a new worm -- detected as WORM_AQPLAY.A -- which spreads through shared network drives and removable media devices when autorun is enabled.

Users were only prompted to download the worm if they were referred to the site from Google Video. So, if a user went straight to the bad site by typing the URL in his or her browser, they were not delivered the exploit because they were not referred there from Google.

This makes the exploit more difficult to detect because the malware writers are weeding out those who are not genuine victims, such as researchers, Roger Thompson, chief research officer at AVG, told SCMagazineUS.com Monday.

He said the crooks appear to be operating out of Russia or Ukraine and are well versed in similar internet attacks.

“We have not seen this particular trick before but we have seen this gang plenty of times,” Thompson said.

A Google spokesman told SCMagazineUS.com on Monday that it has taken steps to prevent future attacks of this nature.

"Google works hard to protect our users from malware, and using Google Video, or any Google product, to serve or host malware is a violation of our product policies," he said.

Share this article:

Sign up to our newsletters

More in News

Oracle fixes 104 flaws in quarterly update, addresses Heartbleed bug

Oracle's Critical Patch Update (CPU) plugged 37 holes in the popular Java browser plug-in.

Two plead guilty for roles in separate Android app piracy groups

Two members of different Android app piracy groups pleaded guilty this week to conspiracy to commit criminal copyright infringement.

Study: Eighteen percent of online adults have had personal info stolen

About 18 percent of online adults have had personal information stolen, and more than 20 percent had an email or social networking account compromised.