As we blogged about here and here, ScanSafe has been observing large numbers of website compromises that foist malware which tampers with Google search results. The malware also includes a component that steals FTP credentials. So if a victim also happens to run their own website(s), the attackers now have access and can inject the malicious Gumblar script. This causes exponential growth of the attacks: new victims -> potential new sites to compromise -> more new victims -> potential new sites to compromise -> more new victims and so on.

It's a vicious cycle and one that has led to 80% growth in the number of compromised sites this week compared to last week.

I was asked yesterday for an estimate of how much money the attackers might be making from the Google search redirects. It's an impossible question to answer; I wouldn't even want to hazard a guess. (If anyone knows how to possibly estimate this, let me know!). What I do know is that there's definitely a lot of money in the Internet advertising pot. The May 2008 Internet Advertising Revenue Report placed Internet ad revenues at $21.2 billion for 2007, with search-derived ad revenue at 41% of that total.