
Be Careful, Searches May Provide False Download Links

April 25, 2018 | June 8th, 2022 | Cybersecurity

If you’re downloading software from the web, be careful.  Take the extra step of verifying that you’re on the developer’s website, because the hackers have a new trick up their sleeve.  It’s actually a deceptively simple one.

Hackers are buying ads on Google and Bing’s search engines, with the links in their ads pointing to malicious sites they control.

This is an almost shockingly simple technique, and broadly speaking, it works like this:

Searches are keyword-based.

Anyone can bid for advertising space on the major search engines.  The higher you bid on any given search term, the more often your ad gets displayed.

Ads are always displayed at the top of the search results, with the organic results coming below them.  Bid high enough on a high-traffic keyword, and your ad gets seen by lots of people.

The danger, of course, is that people tend to trust search engine results to take them where they want to go. Often, users won’t pay much attention to the site URL they’re being directed to.  Hackers take advantage of that fact, putting poisoned sites literally right under the noses of unsuspecting users.

Recently, researchers discovered that if you search the term “Chrome download” on Bing, the ad that most commonly gets displayed doesn’t take you to Google’s download area. It takes you to a poisoned site that offers malware disguised as Chrome, and a high percentage of users are clicking the link and downloading without paying attention to where they are.

This kind of campaign is possible because hackers are making tons of money elsewhere, stealing personal information and reselling it.  They’ve got money to spend, and are spending it to further extend their reach.

The lesson here is simple: Even if you’re on a popular search engine, pay close attention to where the links are leading on the search results page.  Failing to do so can have tragic and expensive consequences.
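One way to turn "pay close attention to where the links are leading" into an automatic check is shown below. It is an added example, not part of the original article: the `OFFICIAL_DOMAINS` allowlist, the function name and the sample links are assumptions constructed for illustration, and requiring HTTPS is a policy choice made here.

```python
from urllib.parse import urlsplit

# Assumption: domains the developer really serves downloads from, per product.
# Maintain this list yourself from a trusted source; it is not from the article.
OFFICIAL_DOMAINS = {"chrome": ("google.com",)}


def check_download_link(url, product):
    """Return (ok, reason) for a link seen in a search result or ad."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # Text before '@' is a login name, not the site; refuse outright.
        return False, "userinfo in URL"
    for domain in OFFICIAL_DOMAINS.get(product, ()):
        # Exact match or a true subdomain; 'google.com.x.example' fails both.
        if host == domain or host.endswith("." + domain):
            return True, "host %s belongs to %s" % (host, domain)
    return False, "host %s is not an official %s domain" % (host, product)


# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.google.com/chrome/",
    "https://google.com.chrome-download.example/setup",
    "https://www.google.com@downloads.example/chrome",
    "https://chrome-google.example/download",
    "http://www.google.com/chrome/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_download_link(link, "chrome")
        print("ALLOW" if ok else "BLOCK", link, "->", reason)
```

Run the check against the address of the page that finally loads, since an ad link can pass through redirects before it reaches the download site.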

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. During more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor's degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor to The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.