IndustryGoogle’s goo.gl URL Shortener Used for ‘Drive-by’ Malware Attacks

Google's goo.gl URL Shortener Used for 'Drive-by' Malware Attacks

A new malware attack is luring victims by using web-based exploits to perform a 'drive-by' malware download under the guise of an electronic money transfer. Attackers make use of Google's goo.gl link-shortening service to hide the attack site.

Concept image representing virus malwareA new malware attack is luring victims by using web-based exploits to perform a ‘drive-by’ malware download under the guise of an electronic money transfer.

Researchers at Solera Networks reported that the attackers make use of Google’s goo.gl link-shortening service to hide the location of the attack site.

The attacks claim to originate from the ‘Electronic Payments Association’ and notify potential victims of a failed direct deposit attempt. Clicking on the link included with the message redirects to a site which attempts to perform a number of exploits using vulnerabilities in Flash and Java.

Andrew Brandt, director of threat research at Solera Networks Labs, told V3 that the attacks are part of a much larger trend in which cyber criminals target browser plug-ins and third-party components.

“I am seeing non-stop examples of this every day and it is becoming a really big deal. Even with an older browser you can be relatively safe if you update things like Flash, Adobe Reader and Java,” he said.

The attacks also highlight the use of third-party link-shortening services. Other malware and spam operations have made similar use of such tools to insulate targets from the actual attack site.

“Cyber criminals are switching gear from sending the malware as an attachment, to drive-by downloads. Next week it will be different, but I keep seeing these attacks over and over again,” said Brandt.

This article was originally published on V3.

Resources

The 2023 B2B Superpowers Index
whitepaper | Analytics

The 2023 B2B Superpowers Index

8m
Data Analytics in Marketing
whitepaper | Analytics

Data Analytics in Marketing

10m
The Third-Party Data Deprecation Playbook
whitepaper | Digital Marketing

The Third-Party Data Deprecation Playbook

1y
Utilizing Email To Stop Fraud-eCommerce Client Fraud Case Study
whitepaper | Digital Marketing

Utilizing Email To Stop Fraud-eCommerce Client Fraud Case Study

1y