MALWARE DISTRIBUTORS have managed to get their rogue ads displayed on Bing and Yahoo when users search for popular software downloads.
The paid links take users to web sites resembling those products' home pages, but hosting malware instead.
The malicious advertising, or malvertising, campaigns were detected by security researchers at GFI Software, who warn that rogue ads are displayed when searching for terms like 'Firefox download', 'download Skype' or 'download Adobe Player'.
"As you can see, they're not particularly complicated or unusual searches so you probably wouldn't be jumping through hoops to reach these things," said Christopher Boyd, a senior security researcher at GFI.
Since these ads always appear at the top of the page before the actual search results, and since the rogue websites they point to are near perfect copies of the real ones, the attack most likely has a high infection rate.
The malicious software served from these pages is a click fraud trojan that features a rootkit component. Its primary purpose seems to be click fraud, which it performs by hijacking internet searchers.
The malicious file has a poor antivirus detection rate at the time of writing, with only 16 out of 44 antivirus engines listed by Virustotal blocking it and, according to Boyd, rogue Bing and Yahoo ads might not be the only method of distributing it.
Cybercriminals have long managed to trick advertising networks into accepting rogue ads, usually by posing as legitimate advertisers, but in recent years Google, one of the most frequently targeted companies, has implemented strict background checks and other fraud detection methods.
It's not clear if these efforts have pushed attackers towards alternative search engines or if there are other reasons for their expansion. "Google rarely makes public announcements about changes it makes to its algorithms, especially where security is concerned, so it is hard to say with any certainty whether examples of this type of malware attack via Google are decreasing in number," Boyd told The INQUIRER.
"However, as Bing continues to grow in popularity and the brand establishes itself, it is becoming much more of a target, which is why the attacks we have identified come as no surprise, and are unlikely to be the last we will see of malvertising via the Bing search platform," he added. µ
Sign up for INQbot – a weekly roundup of the best from the INQ