Search Engine Poisoning (malicious ad)

A very valid question that comes up all the time is “how do people get infected with malware?” or “how do people lose personal information?” There are so many ways that people are blown away by some of the examples I show them.

Today I came across a nice one again: malicious ads, or search engine poisoning. I used Coinbase for some bitcoin activities and I wanted to transfer some bitcoins. So I typed “bitcoin” into Google and this is what came up:

[Screenshot: coinbase1]

So far so good and everything looks great. I now just click on the first link, as this is an ad where someone pays Google money, and Google not being evil must mean that this is good, right? Wrong.

All visual signs suggest that this is legitimate, and the URL goes to google.com, but that should be OK as well, right? A look at the source reveals that the link goes to Google first, then to one URL shortener, then to another URL shortener, and only then to the final destination!

[Screenshot: coinbase5]

After the first URL shortener, we’ll see this:

[Screenshot: coinbase2]

Oops…

Luckily it was already known that this site is up to no good, as this server held a number of “nice” phishing pages designed to steal your bitcoin wallet information. With the current price of over 120 USD for one bitcoin, that could be a very lucrative business.

Some examples are:

[Screenshots: coinbase3, coinbase4]

Approximately 1h after notifying Google, the malicious ad was gone, but please make sure you double-check where you click.
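The redirect chain described above (Google, then two URL shorteners, then the landing page) can be checked without opening the page in a browser. The following is an added example, not code from the original post: it walks a chain one hop at a time and compares the final host with the domain you meant to reach. The shortener list, the sample URLs and the `wallet-login.example` host are constructed assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Assumption: a short illustrative list of shortener hosts, not a complete one.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}

# Constructed sample: ad click -> shortener -> shortener -> landing page.
SAMPLE = {
    "https://www.google.com/aclk?id=CONSTRUCTED": (302, "http://bit.ly/CONSTRUCTED1"),
    "http://bit.ly/CONSTRUCTED1": (301, "http://tinyurl.com/CONSTRUCTED2"),
    "http://tinyurl.com/CONSTRUCTED2": (301, "http://wallet-login.example/"),
    "http://wallet-login.example/": (200, None),
}

def head_location(url):
    """One HEAD request, redirects not followed; returns (status, Location)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=10)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=head_location, max_hops=10):
    """Return every URL in the redirect chain, starting with `url`."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:                    # redirect loop
            break
        chain.append(nxt)
    return chain

def host(url):
    return (urlsplit(url).hostname or "").lower()

def assess(chain, expected_domain):
    """Compare the final host with the domain the user meant to reach."""
    final = host(chain[-1])
    on_brand = final == expected_domain or final.endswith("." + expected_domain)
    hops = [host(u) for u in chain[1:] if host(u) in SHORTENERS]
    return {"final_host": final, "on_brand": on_brand, "shortener_hops": hops}
```

Pass `fetch=lambda u: SAMPLE[u]` to run it offline against the constructed chain. Only HTTP-level redirects are followed, so a hop done with a meta refresh or JavaScript will end the trace early.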
