Slashdot Mirror


Virus Writers Target Google's Sponsored Links

An anonymous reader writes "It looks like the bad guys are gaming Google's sponsored links to spread their junk to people who click on the ads with unpatched versions of Internet Explorer. Attackers apparently bought the rights to several high-profile search terms, including searches that would return results for the Better Business Bureau, among others. The story notes this was bound to happen, given the way Google structures sponsored links: 'The bad guys behind the attack appeared to capitalize on an odd feature of Google's sponsored links. Normally, when a viewer hovers over a hyperlink, the name of the site that the computer user is about to access appears in the bottom left corner of the browser window. But hovering over Google's sponsored links shows nothing in that area. That blank space potentially gives bad guys another way to hide where visitors will be taken first.'"

9 of 115 comments

  1. What do you expect? by Grishnakh · · Score: 2, Insightful

    That's what you get for using IE.

    1. Re:What do you expect? by Nazlfrag · · Score: 1, Insightful

      Nah, you get that just by running Windows.

  2. Who bought the ads? by AlHunt · · Score: 3, Insightful

    Wouldn't it be easy for Google to track the virus writers by who paid for the search terms?

    --
    1 in 4 Maine children struggle with hunger.
    1. Re:Who bought the ads? by Anonymous Coward · · Score: 2, Insightful

      "3. One would expect Google to police their sponsored links a tad bit better than Slashdot polices their article submissions. At least have a prominent easy-to-use Bad Guy reporting tool. The first thing that comes to mind - a little link like the cached link under each sponsored ad might do the trick."

      I noticed the other day that one of my search results included a note about a particular link being potentially "unsafe" -- presumably because there were signs that the content at the other end contained exploit code of some kind, or some malware. It said "Warning -- the site you are about to visit may harm your computer!"

      Obviously they need to do the same thing for their advertisers!

  3. NoScript helps by bill_mcgonigle · · Score: 4, Insightful

    "Normally, when a viewer hovers over a hyperlink, the name of the site that the computer user is about to access appears in the bottom left corner of the browser window. But hovering over Google's sponsored links shows nothing in that area. That blank space potentially gives bad guys another way to hide where visitors will be taken first."

    Google is doing something bad here - disabling a browser security feature with JavaScript (why? - that was fashionable a decade ago...). Firefox users can install NoScript to prevent this kind of chicanery. I'm surprised Firefox doesn't have a preference to disable allowing JavaScript to do this in the first place.

    (yes, that was a taunt for somebody to post the little-known about:config preference to disable this mis-feature)

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Re:In No Way Is This A Virus by echo_kmem · · Score: 3, Insightful

    Another Yawn is the whole 'That's what you get for using IE'. The article states the problem lies within Unpatched Versions, not the application itself. Not that I am trying to defend it, just trying to keep the story straight as well. So, Yawn. Keep current on your patches.

  5. Re:Better Business Bureau by martinX · · Score: 3, Insightful

    Perhaps pr0n seekers, as a group, are more net savvy these days precisely because so much has been targeted at them. The new set of n00bs are the ones looking for the Better Business Bureau etc. Just a guess.

    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."
  6. Re:Screen? by Cap'n.Brownbeard · · Score: 2, Insightful

    You're missing the point... it's just a link to another site that someone has paid to have appear in Google's search results for certain terms. Google simply needs a more robust system of checking the validity of ad links.

  7. Doesn't this make the virus writers pay? by tlhIngan · · Score: 3, Insightful

    Maybe I'm missing something here, but it seems that if these virus/worm/malware writers are buying Google Ads, then they're paying for the links.

    Shouldn't it be possible then to do these searches, find out which ones lead to the virus, and just click from a safe browser? Surely it's possible to cost these people tons of money (to pay Google), and no returns (because no one gets infected)? Or at the very least, we'll end up hitting their click limit and their ads don't show anymore.

    If it happens to be a hacked Google account, well, then maybe the owners will secure their site better (a third party hacked site distributing malware is just as bad)? At least it will get them off the rotation earlier so maybe they'd get a clue why their account needs money but there's no follow-through.