Google Video searches lead to malicious site

Share this article:
Cybercriminals have begun using Google Video to deliver victims to their doorstep.

About 400,000 search queries on the popular video search site recently redirected to a malicious website that leads to malware download and execution, Jamz Yaneza, threat resesearch manager at Trend Micro, told SCMagazineUS.com on Monday.

The threat first was detected last week, according to Google, and appears to have been halted, researchers said.

During the attack, cybercriminals utilized search engine optimization (SEO) tactics to make their poisoned search results appear at the top of the list for certain queries, Yaneza said. Users were tricked into visiting the malicious websites, believing that the top search results were reliable.

When users followed one of the fake video searches, they were redirected to a spoofed video streaming website and were prompted to download and install an Adobe Flash Player update to view the videos, Yaneza said. That download was really a new worm -- detected as WORM_AQPLAY.A -- which spreads through shared network drives and removable media devices when autorun is enabled.

Users were only prompted to download the worm if they were referred to the site from Google Video. So, if a user went straight to the bad site by typing the URL in his or her browser, they were not delivered the exploit because they were not referred there from Google.

This makes the exploit more difficult to detect because the malware writers are weeding out those who are not genuine victims, such as researchers, Roger Thompson, chief research officer at AVG, told SCMagazineUS.com Monday.

He said the crooks appear to be operating out of Russia or Ukraine and are well versed in similar internet attacks.

“We have not seen this particular trick before but we have seen this gang plenty of times,” Thompson said.

A Google spokesman told SCMagazineUS.com on Monday that it has taken steps to prevent future attacks of this nature.

"Google works hard to protect our users from malware, and using Google Video, or any Google product, to serve or host malware is a violation of our product policies," he said.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.