Security Corner

Oct 2 2008   8:12PM GMT

Beware Google AdWords Phishing Attack



Posted by: Ken Harthun
Tags:
Cybercrime
Malware
Phishing
Rootkit
Security

Criminals are targeting Google AdWords customers with phony emails requesting the victim download a 128-bit SSL certificate. A client received this version (there are quite a few variations):

From: Google Adwords account [mailto:adwordsupdate@google.com]
Sent: Monday, September 29, 2008 8:52 PM
To: <potential victim>
Subject: Google Adwords Alert

Attention GOOGLE ADWORDS Customers!

For certain services, such as our advertising programs, we request 128-bit SSL security information which we maintain in encrypted form on secure servers.
We take appropriate security measures to protect against unauthorized access to our unauthorized alteration, disclosure or destruction of data.
Please download latest SSL protection certificate

Read more>>

Unprotected browsers will not be able to Log in after September 30, 2008
Sincerely, Genaro Escobar.

2008 Google Adwords, Developing new services.

Unsuspecting victims who click on the “Read more” link are taken to a malicious website where their machine is infected with a keylogger rootkit. The URL of the site varies, but is similar to this one:

hxxp://adwords.google.select.starter.signup.privatelogin.6uwwcgx2pxuijw4.siteminderagent.privatelogin.mekefri.com/login.htm?/cfmasternbank/memberverify/OSL.htm?LOB=2418214764&refer=wWCgX2PxUijw4nP

Of course, the actual domain the person arrives at isn’t google.com, but, in this case, mekefri.com.

A good rundown on this attack can be found at: Digital Certificate Spammer Goes for Google Adwords

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: