Wednesday, December 19, 2007

Hijacking Google's ads...

The battlefield is changing, even the goals are now changing. In fact - the good vs. evil of the Internet world is changing so fast it's hard to keep up with what us good guys are supposed to protect.
A quick analysis of a recent article (here: Google advertisements hijacked by trojan) shows that the we're now facing something entirely different. The hacks aren't targeting what you'd expect, this trojan hijacks keyword results to send the user to different sites that the attackers control. The goals of this is anyone's guess but there are a few main possibilities:
  • Deliver malware based on search keyword hijacks
  • Deliver traffic (and thereby make money from) unsuspecting end-users
  • Cause financial damage against a company (Google here is the likely target)
In this type of attack, keywords are the battleground. With advertising and site traffic as the "easy way to make effortless money" as a source put it, there is no wonder that malware infestations have now been detected to hijack selective keywords and ad re-directions.
It's getting so that people can't even trust the ads they're being served up anymore... what's the world coming to?! Think about the bigger picture though - what happens when trust in some technology or technique starts to falter? Applying that to an advertising technique of a major Internet ad-placement vendor such as Google yields a very likely scenario if you subscribe to conspiracy theories... someone is trying to put Google out of business, or at least hurt their business by demonstrating that their system is vulnerable and ineffective for advertising.
Maybe I've stretched a little far, but the point is solid, I think. If you can't build a better mouse-trap, engineer mice that easily prove your competitor's product ineffective.

Genius. Or something far worse - either way you just never know what will be next. You can be sure of one thing though - it'll involve some way for the criminal element to scam money from legitimate business with as little effort and up-front cost as possible. Money is the root of all the evil out there folks, and if you still don't believe that... then you're simply not paying attention.

Read more about the Qhost.WU trojan here, at BitDefender's site.

No comments: