CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 23rd, 2008

Google Flooded With More Than A Million Of Open Redirect Links That Infect Users With Malware

According to researchers from the CyberCrime & Doing Time blog, a Google search showed that the web is littered with more than one million links pointing to a single rogue domain. While the links appear to point to trusted domains, people who click on them are taken to a malicious website that claims they need to install security software or offers to stream video.

Miscreants are exploiting weaknesses in webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers. Sites like Microsoft.com, IRS.gov, countless media outlets, magazines, universities, and other websites can be found in the search engines in this way.

The scam takes advantage of websites which have a “URL redirect” on them. A URL redirection program allows the website owner to “send” users to another website, while keeping track of where they went. They are often used in conjunction with an exit page that says something like “You are now leaving our site and being redirected to a new location.” The problem is that many of those sites actually allow other people to use their URL to redirect traffic as well. The miscreants have managed to cause Google to “learn” many of these URLs by placing them on sites they control.
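On the site owner's side, the weakness is a redirect script that accepts any destination. The following is an added example, not code from the original article or from any of the affected sites: it contrasts that behaviour with a handler restricted to local paths and an allowlist. The host names, `ALLOWED_HOSTS` and `FALLBACK` are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: external hosts this site deliberately links out to.
ALLOWED_HOSTS = {"partner.example", "docs.example"}
OWN_HOST = "www.site.example"   # constructed name for the site itself
FALLBACK = "/"                  # where to send the visitor when a target is rejected


def naive_target(target: str) -> str:
    """The open redirector: any caller-supplied URL is accepted as-is."""
    return target


def safe_target(target: str) -> str:
    """Return target only if it is a local path or an allowlisted http(s) host."""
    # Browsers treat backslashes like slashes and skip whitespace/control
    # characters, so reject those before the parser can normalise them away.
    if not target or "\\" in target or any(ord(c) < 0x21 for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:              # malformed authority, e.g. bad IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only a single-slash absolute path.
        return target if target.startswith("/") else FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK             # covers "//host" (empty scheme) and javascript:
    if has_userinfo:
        return FALLBACK             # "https://partner.example@rogue.example/"
    # Exact host match only: a suffix or substring test would let
    # "partner.example.rogue.example" through.
    return target if host == OWN_HOST or host in ALLOWED_HOSTS else FALLBACK


if __name__ == "__main__":
    # Constructed sample inputs for a "?url=" style redirect parameter.
    for t in ["/downloads/ie", "https://partner.example/page",
              "http://rogue.example/scan", "//rogue.example/scan",
              "https://partner.example@rogue.example/"]:
        print(f"{t!r:45} naive={naive_target(t)!r:45} safe={safe_target(t)!r}")
```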

Currently the redirections are injected for the domain 00119922.com, which was registered December 19th to infect users. For one example search term, the Microsoft open redirector is the number one search result on Google.

Some of the other sites with open redirectors being targeted by attackers include: dbrecovery.com, togshop.com, wnbc.com, mrm.mms.gov, countrycurtains.com, portugal-info.net, cyberswim.com, nbcsandiego.com, thebostonchannel.com, thepittsburghchannel.com, hermanstreet.com, viadeo.com, nationalgeographic.com, barronscatalog.com, click2houston.com, lucy.com, wgal.com, rexart.com, kitv.com, bookmatestore.com, attarbazaar.com, titlenine.com, vermontteddybear.com, readthehook.com, theessentials.com, martlmadidebeli-gristianoba.com

The attacks can be especially useful in tricking users into installing software. Many of the Microsoft links, for example, appear to relate to an Internet Explorer download, so users are already prepared to install software on their machines. However, the Microsoft links redirect users to a site that runs a fake computer scan that purports to find dangerous malware, then offers a rogue “anti-virus program” for users to run.

Other exploited websites offer video streaming, so visitors may not be surprised when they’re told they need to install a new codec – and that’s exactly what happens.

The perpetrators of this scam have planted comments all over the web that cause search queries such as “download fruityloops 6 free” (and many relating to porn) to return high-ranking results that point to popular sites that are vulnerable to the exploit.


One Response to “Google Flooded With More Than A Million Of Open Redirect Links That Infect Users With Malware”

1. IT People in general looked down on the web application threats. Now, we’re seeing more and more dangerous mass attacks using web exploits. Well done. They are starting to be afraid that web threats are more than an XSS alert box.

