Users searching Adobe Flash Player on Bing and Yahoo are at risk of being infected with a hard-to-remove rootkit, according to security firm GFI Software.
The attack was discovered among Bing's sponsored results, in a page called "Download Flash Player" on a website called GetAdobeFlash.com. The page redirects to a malicious page that invites users to install Flash Player 10 - which instead installs a danergous rootkit. Yahoo, which uses Bing's search technology for its results, is similarly affected.
"In this case, we're talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now," explains Alex Eckelberry, vice president and general manager of the security software division at GFI. "Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting)."
This isn't the first time Bing's sponsored results have been hijacked and used to distribute malware. In September, GFI's researchers uncovered a similar attack that affected users searching for software including Firefox, Skype and uTorrent.
"Microsoft needs to get a handle on ad placements on Bing," sais Eckelberry.
Hackers are believed to have moved to Bing after Google, which has been affected by similar scams in the past, moved to make it more difficult to place ads to malicious sites.
"If the user is asked to download a file from a potentially suspicious website then they can likely escape unharmed, but if the rogue sites are serving up exploits and drive-by installs then things could become a lot more problematic," warned GFI senior threat researcher Christopher Boyd.
Users are advised to download and install software directly from the vendor's website to avoid the risk of such drive-by installs.