It seems that scammers have found a way to infiltrate Google search to push malicious software to visitors. Many have complained about Google Image search results directing them to pages that prompted them to download anti-virus scareware via misleading error messages and alerts (ie. Your computer is infected! Click here to fix!).
According to SANS Internet Storm Center, these attackers have been able to distribute malicious scripts across an unknown number of sites which populate the pages based on topics from Google Trends. These scripts than grab images from other sites which makes them look legit in an image search.
“The user’s browser will automatically send a request to the bad page which runs the attacker’s script. This script checks the request’s referrer field and if it contains Google (meaning this was a click on the results page in Google), the script displays a small JavaScript script…[that] causes the browser to be redirected to another site that is serving FakeAV. Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches, however, Google’s image search seem to be plagued with malicious links.”
A Russian malware researcher, Denis Sinegubko, says this is “the most efficient black hat trick ever,” and added that it was very simple to set up. Sinegubko says about 5,000 sites have been hacked, with the average site containing 1,000 of these bogus pages. This results in Google sending 15 million visits to these sites every month.
Google spokesman Jay Nancarrow said the company is aware of the attacks and is making “active efforts to improve both the quality of the results and malware detection.” He added that they are “improving, as are the people trying to put users at risk, and in the interests of those users it’s best if we don’t reveal everything that we’re doing about this.”
Sinegubko is developing an add-on for Firefox that can flag these evil Google Image search results by placing a red box around them. You can also protect yourself by using an add-on like Noscript, which restricts what sites can run scripts in your browser. Similar add-ons exist for Google Chrome as well.