Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Text Ads For Known Malware Sites

Posted by kdawson on from the not-evil-no-sir dept.

notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

3 of 110 comments (clear)

  1. Re:Notify the end users by larry+bagina · · Score: 5, Insightful

    That might viloate the google/website contract. Howewver, that's not the issue here. Google is running ads with links to malware sites, not ads on the malware sites (though they probably do that too).

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  2. Re:Responsibility by Sir_Dill · · Score: 5, Insightful
    If you bothered to RTFA you would have found out that the authors were only able to cite one example for which Google "ponied up" by removing the offending ad as soon as they were notified. Hell if you bothered to read the summary you would have seen that.

    That doesn't sound like a blind eye.

    Quit trolling

    Furthermore its a fine line between due diligence and big brother. Especially in in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.

    It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.

  3. What Google should really be responsible for... by Moryath · · Score: 5, Informative

    Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

    It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

    Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

    Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.