Google Clone Drops Spyware

In a twist on a pharming attack, Google has been targeted by typo domain squatters who built a look-alike website that also happened to install a trojan horse. Great! Typically, pharming is where you take over a DNS server or install malware to point someone to an alternate domain. This, however, is another take on the same old attack we have grown to know and love.

The part that I think is interesting in this is not the attack they used - it’s old and boring. What would be interesting is to combine the attack used against Google with building a fake search engine based on where the user was previously. This attack simply requires that you have your code on whatever site is going to get the traffic. That means that you can XSS a page and if you see the referring URL come from a Google domain you can hijack the traffic when the page unloads.

The problem that Google currently faces with typo domain squatters can mostly be handled by better fraud detection by the domain registrars. What I’m discussing with building a fake search engine is not solvable. Google has bigger issues with people building fake websites and then getting Google to host their ads through AdSense on Google itself. Forget taking over a domain; it’s just not required if people think that whatever domains Google is hosting on its ad section are safe - a poor assumption at best.
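
The registrar-side fraud detection mentioned above could start with a simple look-alike check on new registrations. The sketch below is an added example, not part of the original post or any registrar's actual code; the function names, the homoglyph map, the distance threshold and the sample domains are all assumptions constructed for illustration.

```python
"""Flag newly registered domains that look like typos of a protected brand."""

# Digits commonly swapped in for look-alike letters (assumed, minimal map).
HOMOGLYPHS = str.maketrans("01", "ol")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute, adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "googel" -> "google".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def flag_typosquats(registrations, brands, max_dist=1):
    """Return (domain, brand, distance) for names within max_dist of a brand."""
    hits = []
    for domain in registrations:
        # Assumption: input is a bare registrable name such as "example.com".
        label = domain.lower().split(".")[0]
        for brand in brands:
            if label == brand:
                continue  # the brand's own name, not a typo
            dist = osa_distance(label.translate(HOMOGLYPHS), brand)
            if dist <= max_dist:
                hits.append((domain, brand, dist))
    return hits


# Constructed sample of registration requests, not real incident data.
SAMPLE_REGISTRATIONS = [
    "gooogle.com", "googel.com", "g00gle.com",
    "google.com", "goggles.com", "example.com",
]

if __name__ == "__main__":
    for domain, brand, dist in flag_typosquats(SAMPLE_REGISTRATIONS, ["google"]):
        print(f"review: {domain} is within {dist} edit(s) of '{brand}'")
```

A check like this only catches the typo-domain case; it does nothing for the referrer-based fake search engine or the ad-hosting problem described above.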

