Instant Previews: A Pawn for Malicious Intent
Ever noticed a magnifying glass next to your Google search results lately? It is actually a new service that Google launched last week called Instant Previews. This service allows users to see what a page looks like before going to it by hovering over or clicking the magnifying glass next to the Google search results.
Simple? Yes. Secure? Not so much. Our research shows that the images shown in Instant Previews are not updated as frequently as one might assume. Therefore, we don't think this feature would help users much in making an informed decision on whether a link is indeed malicious or not. On the other hand, Websense customers are protected from this attack by our ACE real-time analytics.
We reported some Black Hat SEO'd websites from searches relating to Prince William's engagement yesterday. Using Google's Instant Preview on the malicious search results may lead users into believing that the links they're clicking on are actually safe when in fact they're not.
Take the picture above for example. Instant Preview returns a very legitimate-looking page, complete with pictures and relevant words. To unsuspecting eyes, it looks clean. Of course, when the user clicks the link, they will be redirected to the fake Firefox Update page. This tactic is also evident on Black Friday related search results.
Other variations of images used by malware pushers in Instant Previews are the usual standard Google Search page and a very simple "Preview not available."