Google Video Poisoned With Malware

  • Comments: 1
  • Written on: January 28th, 2009

Dancho Danchev posted on ZDNet yesterday about 21 websites that were successfully gaming Google Video and using the service as a delivery vehicle for malware.

The whole scheme is a simple black hat concept.  The attackers are using 21 domains to host pages containing YouTube video content.  When the Google bot comes to crawl the sites, it sees the videos and ranks them in the Google search results.

This is where the magic happens.

People do a Google Video search, and receive results.  The results displayed for a certain search query are dominated by the 21 websites, ensuring the visitor will hit one of the infected websites.

When users click through to one of the 21 domains, the website detects that the referrer was coming from Google Video, and based on that redirects the visitor to a porn site.  The visitor is then told their Adobe flash is out of date and they need to download an update to see the naked girls.

Some people install the “update” which is actually  a malware infection and literally infect themselves.

Only visitors coming from Google Video get attacked.

This is one of the best cloaked attacks in history because if you later tried to browse back to the same website through a direct link or a book mark, you would see the relevant and related YouTube videos that Google sees when it indexes the website.

Normally the “well poisoning” of certain search terms in Google results can be easily detected and removed.  The fact that the site authors were cloaking their content made it more difficult to discover and analyze.

I suspect we are going to be seeing a lot of infections in my computer repair service centers over the next few days.

  1. Setai said on February 3rd, 2009 at 7:40 am

    Google have many problems lately. No more 2 or 3 days ago they marked all search engine results as possible spam or malware. Earlier the google video case…
    Let’s hope they’ll secure themselves for further attacks.

What do you think? Join the discussion...

How do I change my avatar?

Go to gravatar.com and upload your preferred avatar.

Subscribe to My RSS Feed

Subscribe Form Click to Subscribe or

      TwitterCounter for @thorschrock

Ed Wunder Loves Schrock's Service

Top Commentators

Schrock Innovations' New Ride

Revolution Wraps Rocks!

Geek Squad Hires Anyone!

Other Recent Videos


We're on the Morning Blend answering your Lincoln Nebraska computer repair questions regarding warranties


Need your computer repaired in Omaha? If you're never visited Schrock Innovations before (1st time client), stop by for a FREE hour of repair

Our Open Adoption

    Kim and I are seeking to adopt another child through Open Adoption. If you know of a birth mother seeking a stable, loving family in Nebraska, please direct her to our website at nebraskaopenadoption.com.

Thor's Sponsors

    Computer Repair Lincoln NE
© Thor Schrock 2009