Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Horse targets Google Adsense

Posted by CowboyNeal on from the buy-this dept.

dorkygeek writes "The Register reports that nogoodniks have developed a Trojan horse program that produces fake Google ads posing as the real thing. The as-yet unnamed Trojan replaces legitimate ads served via Google AdSense with promos for penis pills, porn sites and the like. Techshout says the Google AdSense team confirms 'that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer.'"

24 of 84 comments (clear)

  1. Hard to tell if you have the virus if... by technoextreme · · Score: 3, Insightful

    you visit a lot of porn sites. How can you tell if those pennis pills and porn sites are the real ads or just a virus?

    --
    Ooo man the floppy drive is broken. No wait. The computer is just upside down.
  2. Re:My complaint against Slashdot by fleaboy · · Score: 3, Funny

    In the words of a good friend of mine, "If you spot it you got it." Have a happy new year!

    --
    Life is a gift. And my Karma couldn't possibly be 'Positive'
  3. Marketing campaign? by PIPBoy3000 · · Score: 2, Interesting

    Perhaps Google just wants more premium subscribers. From the detailed article:
    The Adsense Trojan Horse attacks small publishers. The premium publishers and ads displayed by Google's websites are apparently unaffected.

    1. Re:Marketing campaign? by _Sharp'r_ · · Score: 5, Informative

      Google sets much higher restrictions on who they allow to become a premium publisher, such as a bare minimum of 10 million page views/month.

      Google also gives many more options to their premium publishers, so most "regular" Adsense publishers would love to become one.

      Thus, there is no incentive for Google to create a Trojan Horse because they want "more premium subscribers".

      But the Adsense code is highly restricted for regular publishers, meaning you aren't allowed to change it from Google's provided format. Premium publishers have additional variable options and changes to the code that regular publishers don't.

      Hence why the Trojan would be able to easily find regular Adsense code in a page, but may not identify a premium publisher's Adsense code as easily in order to replace it with a same-sized ad, for example.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    2. Re:Marketing campaign? by TubeSteak · · Score: 2, Interesting
      From TFA
      ...The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense, the program that lets website owners display ads from Google's list of advertisers. The Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.

      ...

      It has been further noticed that the Google AdLink Ads remain unaffected. The Adsense Trojan Horse attacks small publishers. The premium publishers and ads displayed by Google's websites are apparently unaffected.

      ...

      With the speed and promptness with which Google is working at this hour to fix up the vulnerability, Bangera says that he is absolutely confident that within no time the problem would be resolved.

      It might just be that I'm tired, but the article seems a bit difficult to parse.

      The best I can guess (from the last paragraph) is that affected [Adsense] ads are displayed differently from Adlink, etc & that Google can whip up some techno-wizardry to nullify the trojan's ability to interact with Ads by goooooooooogle.

      Still, that middle paragraph has me wondering how right/wrong my guess is.
      --
      [Fuck Beta]
      o0t!
  4. How long... by houstonbofh · · Score: 5, Funny

    My question is, how long did it take before anyone noticed? "Hey! These adds are more relevant than usual!"

  5. Does this mean? by Wallstreetfighter.co · · Score: 5, Funny

    I'm not going to get the penis pump I ordered from the ad? I guess I am worried about the wrong virus.

  6. no surprise, Windows problem, again, by rheotaxis · · Score: 5, Informative

    The Techshout article fails to mention that this appears to affect Windows users only. The Register calls it the "latest Windows malware threat", while one comment on Techshout confirms it. I suspect, without further details, that the Trojan Horse affects IE somehow. Anyone else have links to more technical details?

    --
    Software freedom...I love it!
    1. Re: no surprise, Windows problem, again, by rheotaxis · · Score: 2, Informative

      another link http://thirdsquare.com/adsense-hijacked-118

      --
      Software freedom...I love it!
    2. Re: no surprise, Windows problem, again, by porkThreeWays · · Score: 4, Insightful

      Details seem to be somewhat limited, but you are right. This seems to be malware that modifies the content IE presents. This is similiar to malware that goes through the pages you visit and looks for keywords such as "games" and automatically links them to whatever gambling site. These are difficult/impossible for website presenters to stop because the problem is with the infected machine, not the originating website.

      It's somewhat refreshing that google seems to just fix problems instead of accepting any sort of blame. It's also sad to see that many google-haters take this as an acceptance of blame.

      I'm a programmer, and I have to say, I probably would have just said "tough". I used to try and help the users of my sites with malware, but it just became a pointless battle. They didn't care and seem to put forth any effort. At one point I even forced them to do get scanned (forced is harsh. Automatically redirected to a anti-spyware online scan is better. They could close out the window at any time). I ended up supporting end users asking how to get the spyware off their computer and ended up taking blame for their spyware.

      And sadly, I feel like a slashbot saying the same statements as 5 years ago, however... If users would get pissed and proactive at Microsoft instead of everyone but them, maybe something would happen. But so many people are complacent and keep buying their garbage and accept this bullshit as normal. Nothing will ever happen as long as the majority of users don't care. That is, until their credit card gets stolen. Then they get pissed at their bank.

      --
      If an officer ever threatens to taze you, say you have a pacemaker.
  7. As described in TFA by Escogido · · Score: 5, Informative

    "Most of the ads were about gambling or adult content, which are banned categories in Google AdSense, clearly indicating a suspicious origin." It looks like it doesn't take a Sherlock Holmes to figure things out...

  8. What's the difference? by drsquare · · Score: 2, Interesting

    An advert is an advert, I block them all. I doesn't matter whether it's linking to some porn site or to some site selling digital cameras, it's all bollocks as far as I'm concerned.

    Why does it matter to the user whether it's a 'legitimate' Google advert or not?

    1. Re:What's the difference? by Anonymous Coward · · Score: 2, Insightful

      Since a lot of website owners invest a significant amount of money and time into their sites, is it not reasonable for them to try and make some money back? If you expect to view their content for free, and block adverts in the process, you may find the content eventually dries up. Anyway, compared to some of the ridiculous flash adverts out there, google ads are a model of discretion.

    2. Re:What's the difference? by Anonymous Coward · · Score: 2, Insightful

      Because some of us do not block some ads like Google's, because they are mostly text and very relevant. I never clicked on a flashing banner ad, but routinely clicking Google ads because I am interested.

    3. Re:What's the difference? by fm6 · · Score: 4, Insightful
      We really need a downmod for parochial posts that say things like "This doesn't affect me, so nobody should care" and "X works for me, if it doesn't work for you then stupid".

      Anyway, your attitude towards advertising is brainless. Lots of media — newspapers, magazines, TV — have always depended on it. It can be obnoxious, but it isn't the great evil that so many economically illiterate netizens think it is.

      And if you actually buy stuff, which some of us overprivileged types have been known to do from time to time, advertising can be something you seek out. Recently I decided to buy a USB hard disk. I Googled those words because I wanted to see the Adsense ads. Does that make me a mindless slave of the advertisers? No, it makes me somebody who needed information, and used the most efficient way to get it.

  9. A simple HOSTS modification could allow this by gozar · · Score: 5, Insightful

    If you modify the users HOSTS file to point pagead2.googlesyndication.com to a different machine you can serve your own Google ads. Pretty clever, I'm surprised this hasn't happen before. I don't know how Google could stop this.

    --
    What, me worry?
    1. Re:A simple HOSTS modification could allow this by Steven.Brady · · Score: 2, Insightful

      >>If you modify the users HOSTS file to point pagead2.googlesyndication.com to a different machine you can serve your own Google ads. Pretty clever

      >Not really. You could serve your own google ads to yourself. Big deal.

      You wouldn't eant to do that to yourself, but if you could do that to 500,000 other peoples' machines, then you can make them see the ads that you want them to see. Add an understanding of the AdSense API, and theoretically you could even target the ads, although I don't use AdSense, so I don't know.

      Although, I'm not sure how well it would work. The SOP of most current virus scanners and Microsoft's AntiSpyware is to check for unauthorized changes to the HOSTS file.

  10. A word of advice by Neoncow · · Score: 4, Funny
    Google spokesblog advises users of The Internet to pay close attention to the Google ads. If you spot the obvious defacement, you are advised to Google your nearest Google representative and Gmail them about the issue. Remember only, attentive Google users will be able to prevent the spread of this virus.

    Google.

  11. Re:My complaint against Slashdot by Millenniumman · · Score: 2, Informative

    That post was made using a complaint generator.

    --
    Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
  12. I have seen something like this before by Chronos56 · · Score: 3, Informative

    A couple of years ago I was asked to look at a heavily infected machine. One unusual spyware program that was on this PC would intercept Google search requests and respond with several pages of ad based related hits that looked just like valid Google pages. I never did figure out what the underlying piece of spyware was causing it but was eventually successful removing it with Hijack This.

  13. You should have a look. by twitter · · Score: 2, Informative
    An advert is an advert, I block them all. I doesn't matter whether it's linking to some porn site or to some site selling digital cameras, it's all bollocks as far as I'm concerned.

    Some quick differences between a Google and Porn Ad:

    1. See the image in the linked article and compare that to carefully selected text from google.
    2. Spam adverts fund spam and yet more trojans, Google ads fund content on small websites.
    3. Following a spam link will almost certainly lead you to a malicious web site that will install yet more crap on your wimpy Windoze computer, speeding it's demise.

    Those are a few of the differences.

    --

    Friends don't help friends install M$ junk.

  14. I submitted this story on Thursday... by atanas · · Score: 3, Interesting

    and it was rejected. Is it more relevant today?

  15. Re:My complaint against Slashdot by WilliamSChips · · Score: 2, Funny

    And yet it's indistinguishable from most real complaints against Slashdot.

    --
    Please, for the good of Humanity, vote Obama.
  16. Mac vs Microsoft by daviddennis · · Score: 2, Interesting

    This is a fair question, and I'll try and give you a fair answer.

    The problem with Windows is that it took over the business world and forced a lot of us to work with it. We quickly found out that its quality was dreadful, and yet we could not make money with Unix because everyone was running pell-mell towards Windows. Thus, a HUGE amount of resentment towards Windows, because it was lousy, and because people were forcing us to use it.

    Apple, on the other hand, gave us a deal. "Hey guys," Steve said, "What if you could use a platform that has designer beauty, that will run all those cool commercial applications like Photoshop, but that is Unix underneath so you could run all your great free software?"

    Well, at the time he made this offer, computers running Linux either used window managers that took a week to set up, or had fonts that were so ugly they rivaled kindergarden scrawls in legibiilty. And to make matters worse, the developers of KDE and Gnome decided that Windows was the be all and end-all of user interface design and implemented the whole shooting match, from the Start button to the taskbar.

    So we started playing with the MacOS and we realized that this wasn't half bad. In fact, it's pretty darn cool. It's beautfully designed, well-engineered, and we can still play with our favorite command line toys. And hey, we're starting to make a few bucks, we don't need to put together a computer out of random dumpster parts for $2.98 anymore. We can afford a little luxury, and Apple's PowerBooks and PowerMacs are the most luxurious personal computers made, from the quality of their keyboards, to their screens, to their elegant metal finishes.

    Is it really that bad to run software controlled by a company? The reality is that it depends on the company. True, Apple equipment's expensive, and operating system and bundled software updates cost money. But Apple has never failed us. Each release brings us wonderful surprises and new fun stuff. The basic OS is solid as a rock, as long as you don't cheap out on your memory.

    To jog your memory, there are a lot of people who used Windows 2000 who loathed XP because of how oddly they switched things around. Apple has never done that. When they make improvements, they make sure they really are improvements. In short, although Apple is not a perfect company, they have shown themselves on the main to be a good, trustworthy partner, making computers that are genuinely beloved by the people who use them.

    In short, the problem of being controlled by a company depends on the company. And so far, Steve Jobs and his team have never failed us in creating cool, fun to use products. I don't think the Linux guys can say the same thing, since what they've done most of the time is to rip off old Windows and X11 interface ideas. Steve's willing to do things that are original, and beautiful, and some of us like both of those things, very much.

    It it nice to be able to play around and tinker with the OS? Only if you have time to burn. Many of us don't anymore, and would rather create something cool ourselves rather than messing around with someone people have already done. And I haven't noticed anything about the MacOS that seems like human waste products. it looks like a beautiful, slick, well-designed system that I genuinely enjoy using.

    In the end, for me, that's what matters, not whether I can fool around with the scheduler to my heart's content.

    Hope that helps.

    D