• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

iFrame Piggybacking on Google Searches to Install Malware

April 1, 2008

Views: 5,668

[ad]

These spammers and scammers are getting rather clever, and very sneaky. This is still epedemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it?

It just shows once again the spammers will think of all kinds of weird little tricks to get their goods pimped online

Hackers have found a new way to get Google to point to malicious websites with the help of unwitting websites such as TorrentReactor, ZDNet Asia and several other CNET-owned properties.

As a result, more than 101,000 Google search results that appeared to lead to pages of legitimate sites actually directed end users to sites that attempted to install malware.

The hack, which was first documented Wednesday by Netherlands-based researcher Dancho Danchev, takes advantage of the practice by many sites of logging search queries typed into their search boxes and storing them where search engine bots can see them. The terms are then indexed by Google and other search engines and included in the results they return. Exploiting the weakness is as easy as typing popular search terms into a popular website along with the text of an IFRAME that points to a malicious website. Within time, the strings will be included in results returned by Google and others.

Pretty dodgy eh? These ones are straight installing malware too, not even pointing to phishing sites or straight up adverts/porn sites.

This is going for mass infection, possible a part of some large botnet operation.

In the second half of 2007, 51 per cent of sites hosting malware were legitimate destinations that had been compromised, as opposed to sites specifically set up by criminals, according to security firm Finjan. In the case here, neither ZDNet Asia nor TorrentReactor were compromised, although the criminals were clearly taking advantage of their strong page ranking and the trust that many end users have in them.

The injected IFRAME redirects unwitting users to sites associated with the Russian Business Network, F-Secure says. The sites try to install malicious programs with names including XP Antivirus 2008 and Spy Shredder Scanner.

The attackers are also notable for the care they’ve taken to cover their tracks. The malicious sites will only attack users who click on the link as it’s returned from Google or another major search engine. Client-side honeypots or security researchers who merely type the address into a browser will receive an error message indicating the site is unavailable.

Even if the site itself is secure, a small architecture flaw allows things like this to flourish, apparently ZDNet Asia fixed the issue. There are still 100’s of other large sites still effected though.

Source: The Register

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Exploits/Vulnerabilities, Malware, Spammers & Scammers, Web Hacking



Reader Interactions

Comments

  1. zupakomputer says

    April 1, 2008 at 12:39 pm

    As the article says, this is taking advantage of the way the searches are indexed. I’ve never agreed with those kinds of methods of returning searches; I’m not interested in what other people looked for – I’m interested if the website creator says they have whatever info I’m looking for (in their tags) and have specified or if the text or images (or whatever else specified) contains the terms I typed in.

    Search engines tend to be awful and they’ve been getting worse for years; thesedays your finding what you really wanted is wholly dependant on someones else having also searched for the same thing.

    I remember when the phrase or keyword you typed actually retuned results and ALL of them contained that phrase / keyword. There’s too many results thesedays that also claim to have what you typed in – and you go to the page…..and there’s nothing there to do with it, then there’s the ones that direct you to: another search engine. Rubbish.

  2. goodpeople says

    April 1, 2008 at 12:59 pm

    It would be a good day if this marked the end of the Google/Yahoo etc. searchbars….

  3. Pantagruel says

    April 1, 2008 at 7:12 pm

    @goodpeople

    Indeed it’s always a pain to explain why people should refrain from this ‘apperently’ handy piece of software.

  4. ZaD MoFo says

    April 1, 2008 at 10:10 pm

    Again the stupid idea of being the biggest or the best!

    Google had in a way ejected all the others search engine from what was a choice act. But when the near ONLY choice get contaminated with malware, how come a simple answered question could bring such great security treat. Google now is a big business and will take long to react. This is the price to pay for a single source of answers.

    By the way, Dancho Danchev, a blog I visit frequently, made a fabulous investigative work on the subject.

  5. Pantagruel says

    April 2, 2008 at 9:08 am

    @ZaD MoFo

    Thanks for the blog hint.
    Danchev has been indeed following the iframe inject problem for quite some time (judging by his blog entries). He also touches some other problems and phenomena which are good reading stuff.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 311

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 337

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 532

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 521

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 707

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,979

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,292,521)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,075)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,616)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,677)
  • Password List Download Best Word List – Most Common Passwords (933,468)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,137)
  • Hack Tools/Exploits (673,290)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,148)

Search

Recent Posts

  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy