Slashdot Mirror
Google Text Ads For Known Malware Sites
notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?
I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?
There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.
To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?
This is NOT "stuff that matters"
News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!
I work for the Department of Redundancy Department.
A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.
Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Comment removed based on user account deletion
i thought it was possible to select what kind of content you were ok with having in your hosted google ads, i.e able to choose not to have anything mature advertised on your site
My roommate got that virus on his laptop. It's a P3 500Mhz, a little old and slow to run these kitchen sink firewall/antivirus programs that are out now.
I did get SpyHunter to identify the problems, which it did admirably. (you gotta pay for it to actually FIX the problem).
When you go into Safe Mode and try to delete some of the offending files, it STILL access denies you. I had to use Task Manager to stop the explorer shell altogether, then 'DEL' them from the command line. Once done I ran ole' trusty Autoruns to clean up.
I told him that virus is usually contracted from the bigger gay porn sites and he just looked sheepish.
That doesn't sound like a blind eye.
Quit trolling
Furthermore its a fine line between due diligence and big brother. Especially in in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.
Comment removed based on user account deletion
So why worry?
At least this way the malware companies pay someone and end up infecting no one.
Seriously have YOU ever clicked on an ad?
I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
And that's after about two thousand visits to the site and maybe 200 downloads!
Here is my 'required by google' policy on the ads:
http://gentooxo.org/disclaimer.shtml/
So useless are the ads that I am thinking I will simply drop them...
I don't know the meaning of the word 'don't' - J
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
Taking the local traffic cop a step further:
How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?
Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
/sarcasm on /sarcasm off
Yes, I am sure that with all the smart people at google it never occured to ANYONE that maybe it would be a good idea to use that spam/malware site filter on adwords. Its not like those are two of the most well known groups at Google or anything.
Google has been selling ads to link farms forever even though it (attempts) to filter them out of search results. It is their policy to do so even though they do everything they can to lower their rank in regular search results.
It would be easy for them to do so but they choose not to do it. Come on guys, if Google filtered and MS did not everyone would be ranting about how MS is promoting malware and spam to make a quick buck.
No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.
---- Teach Peace. It's Cheaper Than War.
I'm glad they gave you net access in the pokey, Hans...
(What? Too soon? :) )
No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.
How is that blind?
Crack heads get thirsty too.
They're not your more ideal customer....
---- Teach Peace. It's Cheaper Than War.
You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:
"spybot": 3 sidebar, 1 at the top.
"adaware": 3 at the top
"ad-aware": 1 sidebar, 1 at the top
I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.
One thing I can never figure out: Gmail's spam filter is awesomely amazingly accurate. In the years I've had my gmail account, I think maybe 3 spams have made it through, and I've had 0 false positives.
Given that, why can't they apply that same well-learned spam filter to their ad words? An email subject line and an ad-words tag line are not all that dissimilar. It might cut down on the 99.9% of crap that comes through along the lines of "make 40k per month", "looking for [insert term]? find it here!", and "natural herbs online that pharmacy don't want you to know about!"
Unless there's one of those "things" going on. Maybe Google is perfectly capable of filtering them out, but they chose not to. They know that their adwords are unobtrusive to most, and blocked by the rest-- and maybe they know that their spammy ad words don't actually generate any significant business. So they gladly allow them, knowing the ads are worthless-- but will gladly take the spammer's money.
It'd be a beautifully perverse poetic justice: the spammers are shelling out cash hand over fist to buy a worthless product because they perceive it will earn them tons of cash. =)
UTF-8: There and Back Again
Hmm... within context, which Coke? =:^)
But really, as long as the customer isn't causing image problems for a company, most don't and shouldn't care /where/ their customers come from, or /what/ else they may do or buy or whatever.
And realistically, a Coke sign in a crack house is likely to have been ripped off from a bar or some such (maybe the bar tender was a customer and traded the Coke sign in for a hit?), or maybe somebody just thought it looked cool and bought it, like any of the other thousands of such signs folks have in their rec rooms or whatever. It's not like Coke likely had anything directly to do with it being there, other than licensing the use of its trademark to the sign maker and retailer, etc.
IOW, the Coke sign in the crack house is likely about as relevant as the Nike swish and the Just Do It logo (and yes, I'm aware of the double entendre, tho I noticed it /after/ I chose the example) on the addict's tee-shirt -- the one they pulled out of a bag left at the Goodwill or Salvation Army dropoff, or out of a dumpster they were diving in, looking for "recyclables".
Duncan
"Every nonfree program has a lord, a master,
and if you use the program, he is your master."
R Stallman
News Flash: The Internet is a potentially dangerous place! There are bad things out there.
Is anyone particularly surprised that a business isn't actively trying to police it? That would be a huge sinkhole of money.
Oh and their anti-malware site protection on search results isn't perfect either. Occasionally stuff still slips through.
Nothing to see here, move along...
I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.
"You are infected with a malware that you picked up because of your browsing habits"
Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site.
As they said, infected due to your browsing habits.
If you were running an ad blocker, you couldn't have been infected by an ad. It almost certainly required scripting, with a good chance it required cross-site scripting, as well. Thus, scripting off by default, regardless of your ad viewing preferences, would have stopped it in most cases, and even if you had that mainline site whitelisted, the malware site it tried to load stuff from would have fallen into the no-scripting default and thus would have been blocked.
Also, browsing habits could well be defined as inclusive of the platform you choose to browse from, and almost certainly would include your choice of browser. You don't here of so many getting infected running say firefox on MS, and even fewer running any of the even semi-common Linux platform browsers...
All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!
So yes, browsing habits, indeed. Just because they are common browsing habits doesn't make them /safe/ browsing habits.
Duncan
"Every nonfree program has a lord, a master,
and if you use the program, he is your master."
R Stallman
It seems like half of the stories here are posted for us to go through the same gratuitous cycle. A halfway baseless article criticizes or praises a company that for some reason a lot of us like and a lot of us dislike. A lot of people post about the article proving that the company is evil. Other people respond and defend the company. A few posts on either side are reasonable and balanced. A few are reasonable and unbalanced. Most are just a big pile of poorly concealed flame. Then we repeat in 90 minutes with a new target.
I'm getting tired of criticizing Google, myself. I am not a fan of the company by any means, but what's the point of posting roughly the same hate cycle 3 times a week? Half of the more unique stories are even beginning to feel pointless to me now, since most of the discussions end up heading toward creationists, atheists, or a general left vs right (or libertarians vs. everyone) brawl.
"I zero-index my hamsters" - Willtor (147206)
That's not a lone example. Search with Google for "craigslist auto posting software". These are all paid Google ads:
We track the "bottom feeders" in Google AdWords over at SiteTruth. We consider about 36% of Google's advertisers, out of a set of 20,000 ad domains, to be "bottom-feeders" - no visible business address, or we have other negative info. If you download AdRater, our Greasemonkey script for Firefox, we rate the advertiser behind every Google ad you see and display a rating icon on top of the ad. (Yes, the plugin "phones home". It tells us lots of stuff about the advertiser, which we're interested in, and very little about the user's browsing, which we don't care about. The plugin is open source, so you can check this.)
With the information we have, it's painfully obvious that Google isn't picky about their advertisers. The example in the article is one of many, not a unique exception.
Google CEO Eric Schmidt was quoted last month as saying "The Internet is fast becoming a cesspool" Was he complaining, or boasting? Much of that is Google's doing.
and if the links go to EvilLand, send the deposit back, and notify SpamHaus and the other badware trackers.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Well thanks for the mod bomb. But I don't care if this also gets -1 Troll. Google rakes in cash and doesn't care where they get it from. They sell our information to THE HIGHEST BIDDER.
Most of the people interested in buying information from Google, use that info for nefariously shady dealings.
There is no coincidence that Double-Click and Google are one and the same.
Do no evil? LOLOLOLOLOLOLOLOLOLOLOLOLOL
The dangers of knowledge trigger emotional distress in human beings.
Claiming to do no evil since day one is more profitable than conceding a loss to Satan's forces and being honest. You have to tell the truth to get out of Hell. Remember, we're dealing with Double Click here, not just Google. They are one-and-the-same.
The dangers of knowledge trigger emotional distress in human beings.
IOW, the Coke sign in the crack house is likely about as relevant as the Nike swish and the Just Do It logo
Maybe if a nike sign was hung at the local brothel.....
All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!
I'm sure what is meant is "if you're going to search for vvarzz you're going to get infected". I could change my platform, I could run an ad blocker.
Browser, well, I got infected using firefox v2.0.0.18. I "should" update.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
A while back my credit card info was stolen and I first noticed it because of some suspicious charges.
What were the charges?
Google adwords. Several hundred dollars worth and all pointing to malware sites.
Clearly, the first for steps whomever stole my credit card info were to set up ads directing folks to sites that could potentially be used to infect more machines, steal more info, etc.
This was almost a year ago, so Google (at some level) has to know that this sort of thing is going on. And if it's still going on a year later, it must still be successful as a way to spread malware.
Not it's possible Google isn't doing anything about it because they think that if they start policing it, they may be exposed to more liability.
Corollary to Hanlon's razor: Any significantly advanced stupidity is indistinguishable from malice.
Maybe Google should change their motto to "Do slightly less evil than the other guy."
"But this one goes to 11!"
One of the sites I visit on a regular basis is a site called housepricecrash.co.uk . It is a site for people who think real estate is going to fall in price.
The google ads on that site are mostly for property investment clubs, which is the last thing their readers are going to visit.
LOLOLOLOLOLOLOLOLOLOLOLOLOL
Just checking... is that "Laughing out loud out loud out loud out loud" or "Laughing out laughing out laughing out laughing out loud"? :)
Google AdWords are still in beta, its a work in progress. Soon we shall see final release without such bugs.
I'd have to say that is someone who can't contain their laughter.... similar to the old fashioned "Bwhahahahahah!!!"
The dangers of knowledge trigger emotional distress in human beings.