Billions of people trust Google services every day. From quick web searches to email services to productivity tools, Google is an integral part of daily life.
Unsurprisingly, hackers spend a lot of time and effort trying to break into Google or finding a way to exploit their services. And so it is with a new attack that is being used to install malware on unsuspecting victims’ computers.
Topping Google’s search results
The goal of every website owner is to get to the top of Google’s search results. The closer your site is to the top of the results, the more likely that someone will click through and buy your products and services.
Google’s algorithms are so accurate that the top result will almost certainly give us what we want, so we usually click the top link. And we rarely think twice before doing so.
Infecting high-performing websites
Hackers are now using our search habits against us. They are breaking into high performing websites and using them to infect unsuspecting users with a malware variant called Gootloader.
Once they have obtained login details for a high performing website, the criminals create several new pages. Each is targeted to at a specific search term – the sort of phrase you would type into Google, like ‘does a swimming pool add value to my house?’. These may not be very popular search terms, but that is why they rise to the top of Google’s search pages so quickly.
Beware the zip file download
When a user clicks through from Google, the page provides some basic information about their search query – but to find out more they must download a zip file. Helpfully, the zip file name is the same as their query (swimming_pool_house_value.zip), making it look even more convincing.
But once the zip file is opened, the Gootloader malware infects the user’s computer. The damage varies, but the virus may encrypt files or steal sensitive information like credit card numbers and passwords.
Protecting yourself against Gootloader
The best way to protect yourself against Gootloader infections is to treat Google results with some degree of scepticism. Just because a site ranks highly does not mean you can automatically trust everything on it. Do you really need to download a zip file to answer your question?
Taking a few extra seconds to think about what you are doing could save many hours or days of problems caused by a malware infection.
You should also have a trustworthy anti-malware tool installed that can detect and block malware automatically. Panda Dome will scan zip files as they are downloaded, blocking anything that is suspicious or potentially harmful. If you are fooled into clicking a hijacked Google result and you do download an infected file, Panda Dome offers a final layer of protection.