Hackers are buying ads on Google and Bing’s search engines, with the links in their ads pointing to malicious sites they control.
This is an almost shockingly simple technique, and broadly speaking, it works like this:
Searches are keyword-based.
Anyone can bid for advertising space on the major search engines. The higher you bid on any given search term, the more often your ad gets displayed.
Ads are always displayed at the top of the search results, with the organic results coming below them. Bid high enough on a high traffic keyword, and your ad gets seen by lots of people.
The danger, of course, is that people tend to trust search engine results to take them where they want to go. Often, users won’t pay much attention to the site URL they’re being directed to. Hackers take advantage of that fact, putting poisoned sites literally right under the noses of unsuspecting users.
Recently, researchers discovered that if you search the term “Chrome download” on Bing, the ad that most commonly gets displayed doesn’t take you to Google’s download area. It takes you to a poisoned site that offers malware disguised as Chrome, and a high percentage of users are clicking the link and downloading without paying attention to where they are.
This kind of campaign is possible because hackers are making tons of money elsewhere, stealing personal information and reselling it. They’ve got money to spend, and are spending it to further extend their reach.
The lesson here is simple: Even if you’re on a popular search engine, pay close attention to where the links are leading on the search results page. Failing to do so can have tragic and expensive consequences.