Cyber criminals have been using Google’s AdWords advertising system to infect unsuspecting users with malware, it has been discovered. The search giant has now pulled the ads, which linked to legitimate websites.
When users clicked on the ads, they were redirected to a malicious website that attempted to exploit a security vulnerability in Internet Explorer. Users who
had not installed Microsoft’s latest security patches were infected with a so-called postlogger – malware designed to steal confidential account access information.
The Google attack signals an escalation in the tactics used by the bad guys to take advantage of unpatched vulnerabilities in common software programs, said Roger Thompson, CTO of Exploit Prevention Labs. Exploits are threatening to undermine users’ trust in even the most widely used websites like Google, Yahoo and MSN.
Google has said that it will evaluate its systems to ensure that the appropriate measures are in place to block future hacking attempts.