Cybercrooks are exploiting security flaws in Google Image Search to try to frighten people into buying evil software.
If you’ve ever seen a flashing banner saying something like “CAUTION — YOUR COMPUTER IS AT RISK” then you are a click away from being led down the path of perdition.
According to the SANS Internet Storm Center (always worth checking when a friend sends you another shouty email telling you yet again that some new bug has been classified by Microsoft as the most destructive virus ever) the villains have “compromised an unknown number of sites with malicious scripts that create Web pages filled with the top search terms from Google Trends.”
Click on an image, and there’s a possibility you’ll be routed to a page offering unverified anti-virus “scareware”, complete with misleading security alerts and warnings.
As far as we can tell, if you simply ignore the ads no harm will ensue. But of course we’re not experts, so we can’t be sure. Keep calm and shut your browser down. You can restart it straight away.
Apparently there are more than 5,000 hacked sites, injected on average with about 1,000 of these bogus pages. This means Google Images is referring about 15 million searches a month to these scam merchants — a mere drop in Google’s ocean, of course, but still a significant number.
There are free plug-ins available which will enable your browser to detect such evildoing. Check out NoScript for Firefox. A chap called Denis Sinegubko is also developing another Firefox plug-in that will flag malicious Google Image search results by placing a red box around images that appear to link to hostile sites, but I don’t think it’s ready yet.
Thanks to Netapplications.com for alerting me to this.