Beware of search engine ads: Social engineering in action

Cyber crime in actionBefore proceeding further some common question to all readers.

  • Which search engine do you use? Google, yahoo, Bing, Lycos etc?
  •  How many of you know about virus, worms, malware, spam, social engineering, session hi jacking etc.?
  • How many times you clicked the link which led you to a known page but the web address is somewhat different?
  • Have you ever been the victim of such things, like clicking on image or any link may lead spam installation by default into your system? Or one fake message will be spread to all you friends from your account? (I am sure more than 70% would lie in this category).

It shows that Social Engineering, an oldest but very sophisticated weapon is still active amongst us because of our callousness, lack of proper knowledge about internet activities and all. Recently there was news that Bing search ads are leading visitors to install malwares in their computers. Although Bing  Search engine is not so popular and not having even 20% Google’s traffic but still it attracted cybercriminals to spread worms through it.

How it works?

  • Whenever you search for anything say Fierfox, Flash, Torrent, Google chrome,  any images, songs, mp3 free download (these are most common terms, :D).
  • It will list millions of links and you will see few ads at the top of it, at the right side of the search result.
  • If you click on them (not authenticated or say criminal’s provided link), it will lead you to look alike page and It will allow you to install that particular software also but it may attach its own infected programs with it which will silently get installed without your knowledge.

How we can avoid it?

  • Don’t try to click on ads unless and until you think it is necessary and relevant for your specified work.
  • Check the redirecting links before clicking. When you will hover on that good ad link, at the bottom of the browser, you will be able to see the link. If you find anything suspicious then don’t click on such links.
  • If you have clicked by mistake then before installing or providing any crucial information, please check the web address. If that is the address which you were looking for then it’s ok else just close that website. Ex: You may see Facebook like page and it will allow you to login at Facebook also but its web address will not be
  • Instead of that it may or or anything except the original one.
  • Don’t trust your anti-virus blindly and be little cautious before doing any activities that may lead attcks to your system.

Ed Bott is an award-winning technology writer who reported this issue to Microsoft. And after 5 hours of reporting, Microsoft banned that particular hosting server and fixed the issue mostly.
A Microsoft spokesperson told him :
Microsoft has identified the malicious ad and took the appropriate action to remove it. The advertiser also can no longer post ads on Bing. In addition, the site’s URL is no longer available via adCenter. We remain vigilant in protecting consumers, advertisers and our network from fake online insertion orders and continue to directly work with our agency media partners to verify and confirm any suspicious orders.

P.S. :Most common way to spread spam is through most famous social networking sites. So Facebook, twitter, Google+ users,  please be more conscious before clicking on any links and before installing any executable files.

Image source:

Sanjeev Jaiswal

He loves web programming and security and co-founder of Alien Coders. He usually shares and helps engineering students and IT professionals in academics and jobs. An avid reader and quick learner.

Share your comment

%d bloggers like this: