14 DAY TRIAL // Malware distributors have managed to poison the search results for Google Chome on Microsoft's Bing search engine by buying sponsored links.
One of the monetizing methods used by search companies are so-called sponsored links. These are paid-for results which are displayed at the top of search result pages for certain terms.
For example, searching on Google for "chrome," a name commonly used to refer to an application's user interface, will display the site to download Google's Chrome browser at the top.
This is not because the page has the best rating for that particular term, but because Google paid for it to be displayed at the top. The result is clearly marked as an ad.
The same thing can be done on other search engines and, according to antivirus vendor Trend Micro, cyber criminals abused this feature on Bing.
The company's researchers report that searching for Google Chrome on Bing displays a malicious sponsored link as the first result which takes users to a page spoofing the Google Chrome download site.
The executable file served from this website is actually a piece of spyware detected by Trend Micro as TSPY_ONLINEG.MU. It contains a rootkit component that helps hide its other files.
The malware's main purpose is to hijack the DNS entries for www.google.com, search.yahoo.com and www.bing.com by modifying the Windows HOSTS files.
By forcing requests for these websites to their own servers attackers can monetize search traffic, because victims will be forced to use their custom search pages.
Trend Micro researchers point out that Internet Explorer 9 actually flags the download as malicious thanks to its SmartScreen Application Reputation technology.
"Funny that the ad server is not aware of threats the same as the browser. I am not pointing fingers here. Expect a lot of similar ruses in the near future though," notes David Perry, Trend Micro's global director of education.