Unscrupulous advertisers have used Google AdWords banners in an attempt to obtain internet users' bank account details.

Exploit Prevention Labs, an internet security firm, found ads had been purchased against keyword search results like "betterbusinessbureau" that linked through to a spyware applet that would dupe users into entering account details into fake online banking pages.

Upon clicking the sponsored link listed against search results, users were sent to Russia-based smarttrack.org, which attempted to install the spyware, before being redirected to their intended destination.

"It happened so quickly, that an ordinary user just wouldn't even see it," said Roger Thompson from the company in an explanatory video.

"Lots of links in any search engine point to infective sites, so that's not really a surprise, but this does highlight a significant issue," he wrote .

"When you move the mouse over a normal, organic search result, Google shows the URL you are about to navigate to if you click. If, however, you mouse-over a sponsored result, no URL preview is shown. This means that a user has no clue where she is about to navigate to.

"Fortunately, Google seems to have terminated that account ... but we detected about 20 different search strings that resulted in links to smarttrack.org, so it is not yet clear if all the links have been cleared up."


Published 30 April, 2007 by Robert Andrews

243 more posts from this author

You might be interested in

Comments (0)

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.