April 27, 2007 5:42 PM PDT

Google pulls malicious sponsored links

Google has removed paid links that advertised seemingly legitimate Web sites but actually tried to install nefarious programs on PCs.

The links were displayed as "sponsored links" after visitors entered specific queries into Google's search service. Clicking the links would ultimately go to a legitimate site, but by way of another site that attempted a "drive-by installation" of password-stealing software. Miscreants placed the links using Google's AdWords service for advertisers.

"Google identified and canceled AdWords accounts displaying ads that re-directed users to malicious sites," a company representative wrote on a corporate blog on Thursday.

The malicious links appeared after people searched for terms related to the Better Business Bureau and cars, according to Exploit Prevention Labs, a security company. All the paid-for links masqueraded as legitimate sites and redirected Google users to the actual sites after sending them to smarttrack.org, which served up the malicious code, Exploit Prevention Labs said.

"We detected about 20 different search strings that resulted in links to smarttrack.org," said Roger Thompson of Exploit Prevention Labs. "There were multiple ads linking to a single site, a high level of planning, and cunning by the bad guys."

Web threats are on the rise. Security firm Trend Micro predicts that by next year, Internet users can expect more cyberattacks to originate from the Web than via e-mail. The threat hasn't gone unnoticed by the security industry. Tools such as Google's Toolbar for Firefox or Google Desktop, Exploit Prevention Labs' LinkScanner and McAfee's SiteAdvisor can offer protection by blocking known bad sites or rating search results.

Google is looking at its AdWords practices to prevent similar incidents in the future, the company said. "This is an issue we've taken very seriously and will continue to monitor," it said. "We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts."

See more CNET content tagged:
Google AdWords, Google Inc., link, security


Join the conversation!
Add your comment
Google has long turned a blind-eye to the many hijinx which people have used to divert traffic, install spyware and other illegitimate schemes.

This is a great example of corporate responsibility and a great stride in the continuing battle against Spyware which I and TigerDirect have fought against for years.

I look forward to Yahoo! and other ad agencies to 'tighten their grip' on what people are advertising when not a good thing.
Posted by lonny paul (52 comments )
Reply Link Flag
Not Google's fault at all -- It's M$
This is not google's fault any more than it is a newspaper's fault for running an ad for a "10,000" mile "like new" car that ends up having "120,000" miles on it when the buyer gets it.

Once again this is entirely Microsoft's fault for a swiss cheese operating system that allows malicious software like this to be installed. Google shouldn't have to do M$'s work.
Posted by Anon-Y-mous (124 comments )
Link Flag
Perhaps cnet and download com will do the same.
Posted by redhook9 (2 comments )
Reply Link Flag
Perhaps cnet and download com will do the same.
Posted by redhook9 (2 comments )
Reply Link Flag
Don't see a problem...
I don't see a big problem here as I hope that a majority of people already have different antispyware and anti-keylogging tools, making stealing of passwords impossible. For those who don't have such tools installed I can only recommend to visit anti-keylogger.org or another site dedicated to anti-keyloggers and download such a tool asap.
Posted by VanceTyler (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.