ATLANTA -- Security software developer Exploit Prevention Labs http://www.explabs.com today released a video at http://explabs.blogspot.com/2007/04/video.html documenting how cyber criminals are using Google's popular AdWords advertising system to infect unsuspecting users with malware. The video is also posted
to YouTube at http://www.youtube.com/watch?v=iD0wdzQb8XY
As the video shows, cyber criminals ran Google ads for legitimate, trusted organizations like The Better Business Bureau. When users clicked on the ads, they were redirected to a malicious web site that attempted to exploit a common security vulnerability in Internet Explorer. Users who hadn't installed Microsoft's latest security patches were infected with a so-called postlogger - malware that's designed to steal confidential account access information, in this case from customers of 100 different banks.
"The Google attack signals an escalation in the tactics used by the bad guys
to take advantage of unpatched vulnerabilities in common software programs,"
said Roger Thompson, CTO of Exploit Prevention Labs. "Exploits are threatening to undermine users' trust in even the most widely used websites like Google,
Yahoo and MSN."