Click fraud, the redirecting of search requests to malicious sites, is one of the more easily recognized pests in the malware world.
The problem for the fraudsters is that most users quickly realize something is amiss when they search for something on Google and it is instead displayed on some other (and likely unfamiliar) site.But the hackers behind the new Nine Ball attack have figured out how to disguise their click fraud scheme by using Google's AdSense for Search program.
The Google product allows users to put a Google search box on their page, and the company profits by collecting commission on ads displayed alongside the results.
FFSearcher, as the new scheme is called, has found a hole in the system that allows it to hijack all searches on Google and redirect them through a custom AdSense search.
That means that search results are displayed with little evidence that the data is being intercepted by a third party. The fraud is even harder to recognize since FFSearcher doesn't point you towards other malicious sites, it simply collects revenue if a searcher clicks on ads displayed on the results page.
SecureWorks has alerted Google to the fraud, and Google has begun shutting down AdSense accounts associated with it. Unfortunately, FFSearcher has the ability to switch accounts, meaning Google may simply be engaging in a wild goose chase.
Thankfully, there are ways to detect an infection. AdSense searches don't appear exactly the same as a standard Google search.
If your search results page doesn't display a total number of results, you may have been a victim of FFSearcher. If you think you have been compromised by FFSearcher, run anti-malware programs (yes, plural) such as Spybot, AVG, or -- for the more advanced among you -- HijackThis. [From: Washington Post, via SlashDot]
No comments:
Post a Comment