Slashdot Mirror
Google Text Ads For Known Malware Sites
notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?
I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?
There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.
To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?
This is NOT "stuff that matters"
News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!
I work for the Department of Redundancy Department.
A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.
Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Comment removed based on user account deletion
Sorry, this is just not evil enough, and looks more like an oversight. Post something about Microsoft instead if you want to post evil things companies do.
i thought it was possible to select what kind of content you were ok with having in your hosted google ads, i.e able to choose not to have anything mature advertised on your site
My roommate got that virus on his laptop. It's a P3 500Mhz, a little old and slow to run these kitchen sink firewall/antivirus programs that are out now.
I did get SpyHunter to identify the problems, which it did admirably. (you gotta pay for it to actually FIX the problem).
When you go into Safe Mode and try to delete some of the offending files, it STILL access denies you. I had to use Task Manager to stop the explorer shell altogether, then 'DEL' them from the command line. Once done I ran ole' trusty Autoruns to clean up.
I told him that virus is usually contracted from the bigger gay porn sites and he just looked sheepish.
That doesn't sound like a blind eye.
Quit trolling
Furthermore its a fine line between due diligence and big brother. Especially in in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.
Comment removed based on user account deletion
So why worry?
At least this way the malware companies pay someone and end up infecting no one.
Seriously have YOU ever clicked on an ad?
I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
And that's after about two thousand visits to the site and maybe 200 downloads!
Here is my 'required by google' policy on the ads:
http://gentooxo.org/disclaimer.shtml/
So useless are the ads that I am thinking I will simply drop them...
I don't know the meaning of the word 'don't' - J
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
Taking the local traffic cop a step further:
How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?
GO to the back of any magazine and you will inevitably find at least one questionable business. Even the main advertisements on the front can be questionable: Enron used to publish big colorful ads.
Advertisements and editorial content has always been a separate thing.
Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
/sarcasm on /sarcasm off
Yes, I am sure that with all the smart people at google it never occured to ANYONE that maybe it would be a good idea to use that spam/malware site filter on adwords. Its not like those are two of the most well known groups at Google or anything.
Google has been selling ads to link farms forever even though it (attempts) to filter them out of search results. It is their policy to do so even though they do everything they can to lower their rank in regular search results.
It would be easy for them to do so but they choose not to do it. Come on guys, if Google filtered and MS did not everyone would be ranting about how MS is promoting malware and spam to make a quick buck.
Tell my mother-in-law that.
Seriously. Some of these are scams, but there are also real genuine people getting married to real genuine people through weird international hookup things.
notthatwillsmith must be a reporter from NBC or somthing. Did you seriously write a big evil corporation story about 1 text ad? Then at the end you do the whole "Was this a one-time oversight?" thing. Good job on findiung and sensationalizing Nothing.
Why is it so hard to only have politicians for a few years, then have them go away?
I'm glad they gave you net access in the pokey, Hans...
(What? Too soon? :) )
Comment removed based on user account deletion
http://www.google.com/products?q=powerbook+g3+lithium+ion+battery+M4685&btnG=Search+Products&show=dd&scoring=p
Still links to malware sites, it's a search for a powerbook g3 battery on google shopping... the $60.06 ones are all links to badware
I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.
"You are infected with a malware that you picked up because of your browsing habits"
Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site. I actually had just updated my virus definitions (avast), and updated my firewall. My windows updates are not as up to date as they could be, which is rather why I ask which one takes care of this exploit?
The behavior was a forced reboot with no option to run cmd to abort it. After windows said something about not connecting to "all" network drives, which is odd as I don't have any network drives setup. Then the process "brastk.exe" appeared.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:
"spybot": 3 sidebar, 1 at the top.
"adaware": 3 at the top
"ad-aware": 1 sidebar, 1 at the top
I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.
One thing I can never figure out: Gmail's spam filter is awesomely amazingly accurate. In the years I've had my gmail account, I think maybe 3 spams have made it through, and I've had 0 false positives.
Given that, why can't they apply that same well-learned spam filter to their ad words? An email subject line and an ad-words tag line are not all that dissimilar. It might cut down on the 99.9% of crap that comes through along the lines of "make 40k per month", "looking for [insert term]? find it here!", and "natural herbs online that pharmacy don't want you to know about!"
Unless there's one of those "things" going on. Maybe Google is perfectly capable of filtering them out, but they chose not to. They know that their adwords are unobtrusive to most, and blocked by the rest-- and maybe they know that their spammy ad words don't actually generate any significant business. So they gladly allow them, knowing the ads are worthless-- but will gladly take the spammer's money.
It'd be a beautifully perverse poetic justice: the spammers are shelling out cash hand over fist to buy a worthless product because they perceive it will earn them tons of cash. =)
UTF-8: There and Back Again
News Flash: The Internet is a potentially dangerous place! There are bad things out there.
Is anyone particularly surprised that a business isn't actively trying to police it? That would be a huge sinkhole of money.
Oh and their anti-malware site protection on search results isn't perfect either. Occasionally stuff still slips through.
Nothing to see here, move along...
Google doesn't give a f*ck, i've seen it happen, not with malware sites but with an electronics store scam. They'd change their name every few months but they always had their google ads to lure customers. They "sold" high-end cameras, plasma tvs, whatever, for very low prices, never sending the items to the customers. Some people did warn Google; did Google care? No.
It seems like half of the stories here are posted for us to go through the same gratuitous cycle. A halfway baseless article criticizes or praises a company that for some reason a lot of us like and a lot of us dislike. A lot of people post about the article proving that the company is evil. Other people respond and defend the company. A few posts on either side are reasonable and balanced. A few are reasonable and unbalanced. Most are just a big pile of poorly concealed flame. Then we repeat in 90 minutes with a new target.
I'm getting tired of criticizing Google, myself. I am not a fan of the company by any means, but what's the point of posting roughly the same hate cycle 3 times a week? Half of the more unique stories are even beginning to feel pointless to me now, since most of the discussions end up heading toward creationists, atheists, or a general left vs right (or libertarians vs. everyone) brawl.
"I zero-index my hamsters" - Willtor (147206)
Quit posting rational, cautionary, suffices--how can we complain about that?
(Seriously, good reminder)
That's not a lone example. Search with Google for "craigslist auto posting software". These are all paid Google ads:
We track the "bottom feeders" in Google AdWords over at SiteTruth. We consider about 36% of Google's advertisers, out of a set of 20,000 ad domains, to be "bottom-feeders" - no visible business address, or we have other negative info. If you download AdRater, our Greasemonkey script for Firefox, we rate the advertiser behind every Google ad you see and display a rating icon on top of the ad. (Yes, the plugin "phones home". It tells us lots of stuff about the advertiser, which we're interested in, and very little about the user's browsing, which we don't care about. The plugin is open source, so you can check this.)
With the information we have, it's painfully obvious that Google isn't picky about their advertisers. The example in the article is one of many, not a unique exception.
Google CEO Eric Schmidt was quoted last month as saying "The Internet is fast becoming a cesspool" Was he complaining, or boasting? Much of that is Google's doing.
and if the links go to EvilLand, send the deposit back, and notify SpamHaus and the other badware trackers.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Well thanks for the mod bomb. But I don't care if this also gets -1 Troll. Google rakes in cash and doesn't care where they get it from. They sell our information to THE HIGHEST BIDDER.
Most of the people interested in buying information from Google, use that info for nefariously shady dealings.
There is no coincidence that Double-Click and Google are one and the same.
Do no evil? LOLOLOLOLOLOLOLOLOLOLOLOLOL
The dangers of knowledge trigger emotional distress in human beings.
Claiming to do no evil since day one is more profitable than conceding a loss to Satan's forces and being honest. You have to tell the truth to get out of Hell. Remember, we're dealing with Double Click here, not just Google. They are one-and-the-same.
The dangers of knowledge trigger emotional distress in human beings.
A while back my credit card info was stolen and I first noticed it because of some suspicious charges.
What were the charges?
Google adwords. Several hundred dollars worth and all pointing to malware sites.
Clearly, the first for steps whomever stole my credit card info were to set up ads directing folks to sites that could potentially be used to infect more machines, steal more info, etc.
This was almost a year ago, so Google (at some level) has to know that this sort of thing is going on. And if it's still going on a year later, it must still be successful as a way to spread malware.
Not it's possible Google isn't doing anything about it because they think that if they start policing it, they may be exposed to more liability.
Corollary to Hanlon's razor: Any significantly advanced stupidity is indistinguishable from malice.
Maybe Google should change their motto to "Do slightly less evil than the other guy."
"But this one goes to 11!"
One of the sites I visit on a regular basis is a site called housepricecrash.co.uk . It is a site for people who think real estate is going to fall in price.
The google ads on that site are mostly for property investment clubs, which is the last thing their readers are going to visit.
LOLOLOLOLOLOLOLOLOLOLOLOLOL
Just checking... is that "Laughing out loud out loud out loud out loud" or "Laughing out laughing out laughing out laughing out loud"? :)
Google AdWords are still in beta, its a work in progress. Soon we shall see final release without such bugs.
I'd have to say that is someone who can't contain their laughter.... similar to the old fashioned "Bwhahahahahah!!!"
The dangers of knowledge trigger emotional distress in human beings.
I found an add for a money making scheme - "Make $1000/day using Google" best of all!
The ad also says only a CC is needed - yea, ahem, sounds like phishing to me!
I'm afraid Google may have to implement some new technology to filter out future garbage like that: Actual humans actually reading through AdSense candidates!