Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Google image search being infected by hackers

The problem first appeared late last year when video files of an adult or tabloid sensationalist nature were spammed out to internet users and, when the URL was clicked upon, the user was told to download a video codec to allow them to view the 'file'.

It now seems that the hackers have returned to this modus operandi, but enhancing it using Google image search to lure people in, and, when the URL is clicked through, the user is asked to update their Adobe PDF viewing software.

According to Webroot security researcher Andrew Brandt, he and a few colleagues discovered a number of rogue images of a US map that, when clicked upon, redirected web surfers to pages that "deliver an installer of a rogue antivirus in the security tool family of fine, fraudulent products."

"What really caught our interest was how the hack behaved, depending on the operating system and browser you used. With each different browser configuration, we were treated to one of several different, specially crafted malware delivery web pages", he said.

To test the extent of the hack, Brandt and his team "played around" with the manipulated search results using five different browsers with their default settings: Internet Explorer 6 and 8, Safari 5, Google Chrome, and Firefox.

"We then searched for USA Map and clicked the second result that appeared under the header 'Images for USA map' with all but the first image result that appeared on that first page of results linked to the malicious Web site", he said in his security blog.

The result of Webroot's research was a mixed bag, but the broad issue was the rogue images could end up infecting users, Infosecurity notes.

"The final piece of our research involved fiddling around with the Web domain to which all these manipulated search results link.

After sending a few dozen queries at the server, the server started pro-actively responding to the queries, which means, Infosecurity notes, that the hackers had coded their server at a sophisticated level.

What’s Hot on Infosecurity Magazine?