Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Text Ads For Known Malware Sites

Posted by kdawson on from the not-evil-no-sir dept.

notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

1 of 110 comments (clear)

  1. What Google should really be responsible for... by Moryath · · Score: 5, Informative

    Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

    It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

    Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

    Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.