Google AdWords links hijacked

Google admits to problems with adwords being hijacked by sites trying to instal malware.

You are reading: Google AdWords links hijacked

Google Google has admitted that criminals have been hijacking some of the search engine’s sponsored links in an attempt to install malware onto users’ computers.

Though Google has not released any figures on the number of users affected by the attacks, or which search terms were involved, though some reports say that links for around 20 keywords had to be removed.

Scammers have been buying links which appeared to be associated with search terms, but which actually redirected people to the Russian-based website, which then attempted to install spyware onto users’ PCs before sending them to their original destination.

This redirection happened so quickly that users may not even have noticed that anything untoward was happening.
Google closed down the links in question as soon as the problem was discovered last week, though some may be concerned about the security of AdWords after these attacks.

The threat was discovered by net security firm Exploit Prevention Labs, who had searched on Google for the term ‘how to start a business’. It discovered that the top link purported to be from, a small business consultancy, but the hyperlink actually led to a malicious website.

According to the company:

“This discovery highlights problems facing all sponsored search vendors – how to determine the legitimacy of any individual advertiser, and how to determine whether a redirected link is being used legitimately.”

The attack appears to have been isolated, affecting only Windows XP users who had not updated the anti-virus software on their computers.

Google explained the problem on the Inside Adwords blog:

“On Tuesday, April 24th, Google identified and cancelled AdWords accounts displaying ads that re-directed users to malicious sites. These sites attempted to install malware onto users’ computers.”

“This is an issue we’ve taken very seriously and will continue to monitor. We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts.”

Latest from the blog