Searching For Chrome on Bing Could Lead To Malware

Posted on 13. Jul, 2011 by in Chrome, News

Bing users who are fans of Chrome should exercise caution in their searches. Turns out a few rather enterprising malware distributors have purchased sponsored links on Microsoft’s search engine. For those of you who don’t know, sponsored links are those that appear at the top of the page when a search engine displays search results for you. Said results are usually legitimate, and carry little to no risk of containing security threats. You’d think that whoever was in charge of the search engine might, I don’t know…screen the results, particularly with sponsored links. I don’t know about you, but if someone paid me to host a link at the top of a search engine I was running, I’d make damned sure that link was safe for my users before allowing it to be posted.

Truthfully, I’d say the fact that something like this was allowed to get through reflects rather poorly on whoever’s in charge of Bing. To that end, I’m not sure whether this is a bad thing or a good thing for Google. Could be good, because it might push a few users away from Bing. On the other hand, it could be bad, because of the means by which the malware infects one’s system.

The Security Threat

See, usually, searching for “Chrome” in a search engine displays the site to download the Chrome browser in the sponsored links. Google themselves paid for it to have such a prominent position, because hey- they want their  Such is the case on Bing, except that now the top link leads to a spoofing site, designed to resemble Google’s own download site as closely as possible, with one tiny exception. Instead of Chrome, users who click the download link will receive a rather nasty surprise.

“…if you clicked the Download button, which is the big blue one in the upper right-hand corner, your Internet Explorer (IE) browser would interfere, telling you that this download is suspect of infection.

And if you would not pay attention to this, you’ll end up having an infected system. Trend Micro threat response engineer Kathleen Notario noted that once the file is downloaded, it is saved as chrome_11.0.696.68.exe (currently detected as TSPY_ONLINEG.MU) in your system. This spyware then drops cleanhtm.exe and cleanhtm.dll into the %Application Data% directory. These files have rootkit capabilities that enable them to hide processes and files. TSPY_ONLINEG.MU also modifies the HOSTS file by adding the following entries:

  • {BLOCKED}.{BLOCKED}.118.187 www.google.com
  • {BLOCKED}.{BLOCKED}.118.188 search.yahoo.com
  • {BLOCKED}.{BLOCKED}.118.188 www.bing.com

This will eventually direct the user to the IP addresses owned by the perpetrators whenever the listed sites are accessed.”
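A way to check a machine for the HOSTS tampering described in the quote above, as an added example that is not from the original post or from Trend Micro. The sample file is constructed, and its 203.0.113.x addresses are documentation-range stand-ins for the redacted `{BLOCKED}` values.

```python
import ipaddress
import sys

# Hostnames the quoted analysis lists as redirected by the malware's HOSTS entries.
WATCHED = {"www.google.com", "search.yahoo.com", "www.bing.com"}

# Constructed sample; 203.0.113.0/24 is a documentation range standing in for
# the redacted {BLOCKED} addresses.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.187   www.google.com
203.0.113.188   search.yahoo.com   # trailing comment
203.0.113.188   WWW.BING.COM.
0.0.0.0         ads.example.test
# 203.0.113.9   www.google.com
127.0.0.1       www.bing.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return watched hostnames pinned to a non-local address (a redirect)."""
    return [
        (line_no, str(ip), name)
        for line_no, ip, name in parse_hosts(text)
        if name in watched and not (ip.is_loopback or ip.is_unspecified)
    ]

if __name__ == "__main__":
    # Pass a hosts file path (on Windows: %SystemRoot%\System32\drivers\etc\hosts).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name in suspicious_entries(text):
        print(f"line {line_no}: {name} -> {ip}")
```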

The reason for this? Apparently the perpetrators have a search engine of their own, and instead of actually competing, they’re using the malware as an underhanded method of generating search traffic. I guess if you’ve got nothing to offer consumers, that’s one way to make them use your service. Now, you’ll notice that (and this is to Microsoft’s credit) Internet Explorer, via its SmartScreen Application Reputation software, is aware of the risk of infection, even if the folks in charge of Bing’s ad server are blissfully unaware. It flags the download as dangerous (something which it doesn’t do if you’re downloading Chrome through legitimate channels), and attempts to warn users away from it.

So what this basically comes down to is that the folks who run Bing are the ones at fault here.

How to Avoid Infection

This is a pretty simple one. If you’re looking to download/install Google Chrome, and when you click the download link, it attempts to give you an .exe file instead of taking you to an install page…get the hell out of there, because you’re not downloading Chrome. Lack of awareness/lack of caution is one of the most considerable tools in the arsenal of malware distributors. By being aware of stuff like this and practicing safe browsing, users can significantly reduce the risk that they’ll leave their browsing session with a few unwanted guests on board their system. Exercise caution. And in this case, caution involves no longer trusting Bing’s sponsored links, at least until they pull their head out of an undisclosed location and fix their damned search engine.

Until then, you could always just use Google.

via Softpedia, Trend Micro

One Response to “Searching For Chrome on Bing Could Lead To Malware”

  1. Google user

    13. Jul, 2011

    Thank god I use Google.
    And since it doesn’t look like original page and doesn’t have that URL, I don’t believe it :)
