Google Video Search Results Leading Users to Malware
January 28, 2009 – 2:29 pm

Hackers and cybercriminals are always on the lookout for new ways to gain traffic and commit crimes for monetary gain.
Security researchers have found a campaign in which Google Video search results are used to trick users into visiting malware sites that spread the W32/AutoTDSS.BNA!worm infection through adult web sites. This new campaign relies solely on Google Video traffic, where the attackers hope to pick up search queries for legitimate videos.
The bogus content is currently being crawled by Google, so it shows up in Google Video search results and leads users to a malicious site that spreads the worm infection. In this case the number of hijacked search queries has reached 400,000, all of them used to trick users into visiting the same adult website that serves malware. You can only imagine the number of computer users who may have landed on a malicious page through a Google Video search in hopes of viewing a particular video.
The scary part about this new malware campaign is that the cybercriminals have been syndicating legitimate YouTube video titles on all types of topics, so the number of affected legitimate or non-adult video search queries is around 400,000. Researchers have identified that this number is increasing in real time as the fake content is crawled by Google Video.
The cybercriminals maintain a portfolio of 21 publisher domains whose bogus video content is being crawled. A user who comes across content from some of those 21 publisher domains is taken to a redirection point found to be porncowboys .net/continue.php. From there they may be taken to a well-known adult site template at xfucked .org/video.php?genre=babes&id=7375, where they get the infamous “Flash Player versions is out of date” notification. This is where the malware can be delivered directly onto the machine in the form of FlashPlayer.v3.181.exe from trackgame .net/download/.
Google’s security team knows of this situation and will be taking action to rectify the matter. Until that happens, you are armed with this bit of information to avoid infection by the W32/AutoTDSS.BNA!worm.
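
The chain described above (search result, publisher page, redirector, lure page, fake Flash Player download) can be looked for in web proxy logs. The following is an added example, not code from the researchers or from this article: the log format, the placeholder `.example` hosts, the vendor allowlist and the `video.google.com` entry point are all assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp, client, URL, referer); .example hosts are placeholders.
SAMPLE_LOG = """\
2009-01-28T14:01:02 10.0.0.5 http://video.google.com/videosearch?q=some+video -
2009-01-28T14:01:09 10.0.0.5 http://publisher.example/watch/123 http://video.google.com/videosearch?q=some+video
2009-01-28T14:01:10 10.0.0.5 http://redirector.example/continue.php http://publisher.example/watch/123
2009-01-28T14:01:11 10.0.0.5 http://lure.example/video.php?genre=a&id=1 http://redirector.example/continue.php
2009-01-28T14:01:30 10.0.0.5 http://payload.example/download/FlashPlayer.v3.181.exe http://lure.example/video.php?genre=a&id=1
2009-01-28T14:05:00 10.0.0.9 http://fpdownload.adobe.com/get/install_flash_player.exe http://www.adobe.com/
"""

VENDOR_SUFFIXES = ("adobe.com", "macromedia.com")  # assumed allowlist for genuine installers
SEARCH_HOSTS = {"video.google.com"}                # assumed search entry point
LURE_NAME = re.compile(r"flash[\W_]*player.*\.exe$", re.I)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_vendor(host):
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)

def find_fake_player_downloads(log_text):
    """Return Flash-named .exe downloads from non-vendor hosts, with their referer chain."""
    referer_of = {}   # (client, url) -> referer recorded for that request
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, url, referer = parts
        referer_of[(client, url)] = referer
        filename = urlsplit(url).path.rsplit("/", 1)[-1]
        if not LURE_NAME.search(filename) or is_vendor(host_of(url)):
            continue
        # Walk the referer chain back to the first page this client requested.
        chain, cur, seen = [url], referer, set()
        while cur != "-" and cur not in seen:
            seen.add(cur)
            chain.append(cur)
            cur = referer_of.get((client, cur), "-")
        chain.reverse()
        findings.append({
            "time": ts, "client": client, "file": filename,
            "hosts": [host_of(u) for u in chain],
            "from_search": host_of(chain[0]) in SEARCH_HOSTS,
        })
    return findings
```

On the sample log this reports only the download by 10.0.0.5, with the full host chain starting at the video search page; the installer fetched from the vendor's own domain is not flagged.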


