Riding on the popularity of the various online services offered by Google (NASDAQ: GOOG), scammers have resorted to a new technique: Exploiting the search functionality in Google Images to redirect users toward malicious websites. According to PC World, the attackers were apparently targeting websites running PHP code--such as WordPress, planting their own PHP scripts after breaking in. These scripts generate pages that are populated with images for indexing by Google, and at least 5,000 sites are reported to have been compromised so far.

The exploit happens when a user clicks on a thumbnail in Google Images, says Internet Storm Center researcher Bojan Zdrnja in a blog entry. As far as can be determined, the destinations that hapless users are whisked to are sites that peddle fake antivirus (AV) software. For now, Google says it is already aware of the problem, and is working to detect malicious pages.

For more on this story:
- check out this article at PC World
- check out this blog entry at Internet Storm Center

Related Articles:
Websense posts update on LizaMoon SQL injection malware campaign 
Lessons learned from the Samsung malware that wasn't 
Microsoft targets AutoRun worms on Vista, XP via Windows Update 
Hackers broke into Nasdaq network