Google image search can execute malicious code

During my monitoring of the feeds from my local CERT group, I found a reference to a vulnerability in Google Image Search that allows remote code execution. The CERT bulletin (Danish) suggests using the NoScript plug-in in your browser.

Image taken from Krebs-on-Security blog

The attacker starts by compromising a legitimate website and placing their script there. The script automatically generates web pages based on the most popular Google searches, and then finds more keywords by fetching Google's auto-complete suggestions for the original keyword. The script also retrieves images for its fake web pages. The logs from compromised servers show that sites that did not have a high Google PageRank suddenly rank highly for the malicious auto-generated pages. To me that indicates the script is doing some form of Googlebot web-crawler optimization. The attack happens when the site is preloaded through the thumbnail iframe of a Google image search, and the malicious code is executed.
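As an added example (not from the post or the linked write-ups), here is a small triage script over web-server access logs that looks for the two traces the post describes: Googlebot crawling pages the site owner never published, and visitors arriving at those same pages from a Google Images result (the `/imgres` thumbnail iframe). The log lines, the `KNOWN_PATHS` inventory and the hostnames are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a normal visitor, Googlebot crawling a real page and then pages
# the site never published, and visitors reaching those pages from Google Images.
SAMPLE_LOG = """\
1.2.3.4 - - [10/May/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
66.249.66.1 - - [10/May/2011:10:01:02 +0000] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/May/2011:10:01:05 +0000] "GET /zz/popular-search-term.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/May/2011:10:01:07 +0000] "GET /zz/popular-search-term-photos.php HTTP/1.1" 200 8301 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
5.6.7.8 - - [11/May/2011:12:30:00 +0000] "GET /zz/popular-search-term.php HTTP/1.1" 200 8192 "http://www.google.com/imgres?imgurl=http://example.org/zz/x.jpg" "Mozilla/5.0"
9.9.9.9 - - [11/May/2011:12:31:00 +0000] "GET /zz/popular-search-term.php HTTP/1.1" 200 8192 "http://images.google.de/imgres?q=x" "Mozilla/5.0"
"""

# Pages the site owner actually published (assumed to come from a sitemap or CMS export).
KNOWN_PATHS = {"/index.html", "/about.html"}

def is_image_search_referrer(referer):
    """True when the referrer is a Google Images result page (the thumbnail iframe)."""
    if not referer or referer == "-":
        return False
    u = urlparse(referer)
    return u.path == "/imgres" or u.netloc.startswith("images.google.")

def analyze(log_text, known_paths):
    """Count Googlebot hits on unpublished paths and image-search referrals per path.
    The User-Agent is attacker-controllable, so this is for triage, not for blocking."""
    bot_hits, img_refs = Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip
        path = urlparse(m["path"]).path
        if "Googlebot" in m["ua"] and path not in known_paths:
            bot_hits[path] += 1
        if is_image_search_referrer(m["referer"]):
            img_refs[path] += 1
    # An unpublished page that Googlebot crawls AND that receives image-search
    # thumbnail traffic matches the poisoning pattern described in the post.
    suspects = sorted(p for p in bot_hits if p in img_refs)
    return {"googlebot_unknown": bot_hits, "image_referrals": img_refs, "suspects": suspects}
```

Running `analyze(SAMPLE_LOG, KNOWN_PATHS)["suspects"]` on the constructed log yields the single auto-generated page; on a real server, feed it the full access log and a current sitemap.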

http://isc.sans.edu/diary/More+on+Google+image+poisoning/10822

http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/

This entry was posted in IT Security, Week 20.