9 May 2011

Is Microsoft Hacking Google Images?

There has been a lot of chatter on the Internet recently about Google image searches occasionally redirecting to a Bing image search. After experiencing this for myself I decided to look into the matter and what I found was quite an elaborate hack

The problem seems to only occur in Google Chrome, however when using Firefox I was taken to a 404 page instead of Bing. Checking the source on that page I found a short bit of Javascript that was clearly trying to reconstruct more Javascript. This is done to hide what the Javascript is trying to do, if you have the know-how you can piece it together again.

The script was randomly pulling images to the compromised site, probably to trick Google’s image indexing bot into thinking the image originates from that site. Somewhere buried deep inside the compromised site is the code that redirects when it notices Google image poking around. The hack could have been done manually although the number of compromised sites suggests it's a piece of software reproducing itself (virus).

The virus will not infect your computer, it simply infects the websites that are hosting the incorrectly indexed images. Athos, a security expert from a Hungarian security company named BalaBit, has written a detailed explanation on how the malware does it's thing.

If you’re curious and want to run some Google image searches to see what’s going on, you’re safe to do so as long as you don’t download anything. There have been reports of some users being redirected to a site that attempts to download malware instead of redirecting to Bing but this does not appear to be prevalent. Regardless, if you’re running Windows it's always wise to keep your virus definitions up to date.

For web users this is simply an annoyance, but it is an indication that there are loopholes in Google’s Image search which are being exploited. It’s not likely that Microsoft would go to these measures to generate traffic for Bing, but the Internet loves corporate espionage conspiracies.

No comments:

Post a Comment