Cybercriminals are using a loophole in Google’s Web site to redirect unsuspecting Web users to malicious Web sites that try to install malware.
McAfee Avert Labs has spotted spammed HTML-formatted e-mails that include a link that appears to point to Google, but actually sends Web users to malware-laden Web sites.
“Although this type of technique is not necessarily new, the problem is that Google is not preventing the redirects to such sites,” McAfee Avert Labs Researcher Vinoo Thomas writes on the Avert Labs blog.
The scam takes advantage of a so-called open redirect on Google’s Web site. This open redirect lets anyone craft a link that to the untrained eye looks like it goes to the search engine, but actually goes elsewhere on the Web.
Open redirects are all too common on the Web. Phishers have taken advantage of such redirect links on major Web sites such as Yahoo and Microsoft’s MSN before. Now it is Google, and the links point to actual malware, meaning that malware will try to install after a click.
The redirects could be prevented, Thomas writes: “Google must be aware of this redirect abuse, and it’s hard to understand why they don’t prevent these redirects working for known bad file types or for spam and malware sites.”
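The check Thomas describes can also be applied on the receiving side, for example in a mail filter that inspects links before delivery. The sketch below is an added example, not code from McAfee or Google; the hosts, the `url` and `q` parameter names and the extension list are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: extensions treated as "known bad file types" in this sketch.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")


def embedded_targets(link):
    """Return parsed absolute http(s) URLs found in the link's query values."""
    targets = []
    for _, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        try:
            target = urlsplit(value.strip())
        except ValueError:  # malformed bracketed host, not a usable URL
            continue
        if target.scheme in ("http", "https") and target.hostname:
            targets.append(target)
    return targets


def same_site(host_a, host_b):
    """True if the hosts are equal or one is a subdomain of the other."""
    a, b = host_a.lower().rstrip("."), host_b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def assess_link(link):
    """Classify a link as 'ok', 'offsite-redirect' or 'offsite-download'."""
    visible_host = urlsplit(link).hostname or ""
    verdict = "ok"
    for target in embedded_targets(link):
        if same_site(visible_host, target.hostname):
            continue  # redirect stays on the site the reader sees
        if target.path.lower().endswith(RISKY_EXTENSIONS):
            return "offsite-download"
        verdict = "offsite-redirect"
    return verdict


# Constructed sample links; hosts and parameter names are made up.
SAMPLES = [
    "http://search.example/find?q=open+redirect",
    "http://search.example/go?url=http%3A%2F%2Fimages.search.example%2Flogo.png",
    "http://search.example/go?url=http%3A%2F%2Fcards.invalid%2Fgreeting",
    "http://search.example/go?q=x&url=HTTP%3A%2F%2Fcards.invalid%2FCard.EXE",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess_link(sample), sample)
```

The subdomain comparison is deliberately simple; a production filter would compare registrable domains using the Public Suffix List.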
Cyber criminals are turning their attention - and their botnets - to Google’s AdWords service. A new Trojan has been discovered that forces zombie PCs to search out Google ads for particular companies and click on them. According to Panda Labs, which uncovered the scam, hundreds of online merchants are being affected.
It is not clear whether the motive is blackmail, the work of a rival merchant or simply a malicious proof of concept.
The Trojan, dubbed Clickbot A, uses a familiar click fraud technique. The scam usually works when a fraudster wants to damage a rival’s e-commerce business. Using either human or automatic methods, the fraudster will register hundreds of clicks on a Google Ad for which the sponsor is billed even though there is no chance of making a sale.
Using a botnet to perpetrate the click fraud makes it difficult to detect, although it is clear that the attack is happening as the cost per sale shoots through the roof. Because there are estimated to be in excess of 34,000 zombie machines in the network, the criminals behind the scam are able to cap the number of clicks from any particular IP address and so avoid suspicion. Similarly, merchants and Google find it hard to distinguish between genuine sales inquiries and clicks from the zombies.
‘Renting and selling of botnets has become a genuine business model for cyber-crooks,’ said Luis Corrons, director of PandaLabs. ‘The scam we have now uncovered exploits infected systems to generate profits through “Pay per Click” systems, instead of by installing spyware sending spam’.
According to Panda Labs, Clickbot.A consists of two parts. The first is an executable file that launches a dynamic link library on the system, which later deletes itself. The second is a Browser Helper Object for Internet Explorer that notifies the attacker that the computer is infected. It even allows the control components to be updated. The bot then registers in the database of the control system, checking that the controller has given authorisation to start clicking. If told to go ahead, it will request the list of addresses from which to click.