New Method of Delivering Malicious Ads via Vulnerable Websites Revealed by Researcher
A researcher has recently discovered a new technique that exploits vulnerable websites to deliver targeted, malicious ads to search engine users. This method has the potential to unleash a wave of malware capable of overwhelming victims. Jerome Segura, senior director of threat intelligence at Malwarebytes, has shed light on this alarming discovery in a blog post.
The key behind this technique lies in dynamic search ads, a feature employed by Google that matches targeted ads with searches based on the content of a website’s landing page. Segura explains how an attacker took advantage of this feature by using a fake software ad on a compromised website to specifically target search engine users.
Interestingly, Segura believes that this entire endeavor may have been accidental. He stumbled upon the ad when searching for common keywords used by hackers which often lead to fake advertisements for office applications or remote monitoring software, among others. The specific keyword in this case was PyCharm, a popular Python programming development environment.
To Segura’s surprise, the search results yielded a sponsored ad with a matching headline but a snippet that seemed unrelated, pulled from a wedding planning site. Through Google’s Ads Transparency Center, he discovered that the rest of the website’s content had nothing to do with Python, highlighting a discrepancy between the ad’s title and description. This raised the question of why someone would create a title that didn’t align with the description.
Upon further investigation, Segura uncovered that certain pages within the neglected wedding planning site had been injected with spam-generating malware. As a result, these pages presented visitors with a deceiving PyCharm serial key pop-up. Moreover, Google’s dynamic ads feature picked up on this malicious content, leading to the ad being displayed to Segura during his search.
Should an unwitting visitor click on the PyCharm pop-up link, they would become inundated with malware infections, rendering their computer completely unusable. Segura speculates that the attacker may have sought to maximize the number of malware downloads to increase cybercrime commission payments.
This discovery raises concerns about the vulnerabilities of small and midsize businesses’ websites. Segura points out that these websites are typically created by web agencies and then neglected, leading to outdated WordPress core and plugin versions. This lack of maintenance and security patches leaves these websites easy targets for hackers.
Segura suggests that Google could play a role in helping search engine users avoid falling into such traps. By flagging cases where targeted ads and website content significantly diverge, such as a wedding website featuring an ad for software or a restaurant advertising software, Google could provide a valuable layer of protection.
In conclusion, the revelation of this new method of delivering malicious ads via vulnerable websites serves as a sobering reminder of the importance of website maintenance and security measures. Without proper care, businesses become easy prey for hackers, risking not only their own reputation but also the security and trust of their customers.
