Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

FFSearcher Stealthily Hijacks Your Searches

by Terrence O'Brien on July 2, 2009 at 08:35 AM

Click fraud, the redirecting of search requests to malicious sites, is one of the more easily recognized pests in the malware world. The problem for the fraudsters is that most users quickly realize something is amiss when they search for something on Google and it is instead displayed on some other (and likely unfamiliar) site.

But the hackers behind the new Nine Ball attack have figured out how to disguise their click fraud scheme by using Google's AdSense for Search program. The Google product allows users to put a Google search box on their page, and the company profits by collecting commission on ads displayed alongside the results. FFSearcher, as the new scheme is called, has found a hole in the system that allows it to hijack all searches on Google and redirect them through a custom AdSense search. That means that search results are displayed with little evidence that the data is being intercepted by a third party. The fraud is even harder to recognize since FFSearcher doesn't point you towards other malicious sites, it simply collects revenue if a searcher clicks on ads displayed on the results page.

SecureWorks has alerted Google to the fraud, and Google has begun shutting down AdSense accounts associated with it. Unfortunately, FFSearcher has the ability to switch accounts, meaning Google may simply be engaging in a wild goose chase.

Thankfully, there are ways to detect an infection. AdSense searches don't appear exactly the same as a standard Google search. If your search results page doesn't display a total number of results, you may have been a victim of FFSearcher. If you think you have been compromised by FFSearcher, run anti-malware programs (yes, plural) such as Spybot, AVG, or -- for the more advanced among you -- HijackThis. [From: Washington Post, via SlashDot]

Tags: adsense, adsense for search, AdsenseForSearch, click fraud, ClickFraud, ffsearcher, nine ball, NineBall

Add your comments

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

HuffPost AOL Social News Most Popular