Slashdot Mirror
Google Text Ads For Known Malware Sites
notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?
I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?
There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.
To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?
This is NOT "stuff that matters"
News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!
I work for the Department of Redundancy Department.
A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.
Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Comment removed based on user account deletion
That doesn't sound like a blind eye.
Quit trolling
Furthermore its a fine line between due diligence and big brother. Especially in in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.
So why worry?
At least this way the malware companies pay someone and end up infecting no one.
Seriously have YOU ever clicked on an ad?
I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
And that's after about two thousand visits to the site and maybe 200 downloads!
Here is my 'required by google' policy on the ads:
http://gentooxo.org/disclaimer.shtml/
So useless are the ads that I am thinking I will simply drop them...
I don't know the meaning of the word 'don't' - J
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
/sarcasm on /sarcasm off
Yes, I am sure that with all the smart people at google it never occured to ANYONE that maybe it would be a good idea to use that spam/malware site filter on adwords. Its not like those are two of the most well known groups at Google or anything.
Google has been selling ads to link farms forever even though it (attempts) to filter them out of search results. It is their policy to do so even though they do everything they can to lower their rank in regular search results.
It would be easy for them to do so but they choose not to do it. Come on guys, if Google filtered and MS did not everyone would be ranting about how MS is promoting malware and spam to make a quick buck.
You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:
"spybot": 3 sidebar, 1 at the top.
"adaware": 3 at the top
"ad-aware": 1 sidebar, 1 at the top
I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.
I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.
"You are infected with a malware that you picked up because of your browsing habits"
Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site.
As they said, infected due to your browsing habits.
If you were running an ad blocker, you couldn't have been infected by an ad. It almost certainly required scripting, with a good chance it required cross-site scripting, as well. Thus, scripting off by default, regardless of your ad viewing preferences, would have stopped it in most cases, and even if you had that mainline site whitelisted, the malware site it tried to load stuff from would have fallen into the no-scripting default and thus would have been blocked.
Also, browsing habits could well be defined as inclusive of the platform you choose to browse from, and almost certainly would include your choice of browser. You don't here of so many getting infected running say firefox on MS, and even fewer running any of the even semi-common Linux platform browsers...
All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!
So yes, browsing habits, indeed. Just because they are common browsing habits doesn't make them /safe/ browsing habits.
Duncan
"Every nonfree program has a lord, a master,
and if you use the program, he is your master."
R Stallman
A while back my credit card info was stolen and I first noticed it because of some suspicious charges.
What were the charges?
Google adwords. Several hundred dollars worth and all pointing to malware sites.
Clearly, the first for steps whomever stole my credit card info were to set up ads directing folks to sites that could potentially be used to infect more machines, steal more info, etc.
This was almost a year ago, so Google (at some level) has to know that this sort of thing is going on. And if it's still going on a year later, it must still be successful as a way to spread malware.
Not it's possible Google isn't doing anything about it because they think that if they start policing it, they may be exposed to more liability.
Corollary to Hanlon's razor: Any significantly advanced stupidity is indistinguishable from malice.