Google Finally Quashes Month-Old Malvertising Campaign

jfruh writes Since the middle of December, visitors to sites that run Google AdSense ads have intermittently found themselves redirected to other sites featuring spammy offerings for anti-aging and brain-enhancing products. While webmasters who have managed to figure out which advertisers are responsible could quash the attacks on their AdSense consoles, only now has Google itself managed to track down the villains and ban them from the service.

Don't do evil

[thsths]

unless it is profitable.

Google standards have certainly slipped. You would expect them to prevent this at all cost, and to have a system in place that prevents it from happening. But unfortunately the very opposite is happening: unruly ads are becoming more and more common, and Google doing very little to prevent it.

Re:Don't do evil

[phantomfive]

Yeah, I remember when Google's goal was to index the world's information. That seems to have taken a back seat to generating ever more revenue.

Re:Don't do evil

[Njorthbiatr]

Google does something and they're called out for not doing that thing?

This isn't making any sense. Are we just getting upset at Google because Google?

Re:Don't do evil

googles goal has ALWAYS been generate more revenue, you are confusing there public messaging with what they actually do.

Re:Don't do evil

[bloodhawk]

No they are being called out for how slow they are, just like when we call out MS when they are slow on patches. It is even worse for google as they like to blow there own trumpet on how important security is to them.

Re:Don't do evil

[hairyfeet]

Nooo, folks are getting upset because Google USED to be consumer centric and seemed to really care about its end users, but for the past few years (since around the time they launched G+ and started pushing for real names and tying everything to a single user) they have seemed to toss that out the window in favor of ever higher stock prices.

I have to wonder if this is something that cannot be avoided as it seems every corp that reaches the top of the heap turns into an asshole. Its like they reach a certain point and their drive to innovate and be the best is replaced by a paranoid desire to hang onto what they have and crush competition, from MSFT's OEM contracts to Google's damned near word for word copies of those contracts when it comes to handset makers, its like they reach a point and the engineers are replaced by MBAs and they just turn into giant douchebags.

Re: Don't do evil

This. Google has been slow for 15 years and their goal has been the same

Re:Don't do evil

[houghi]

The first moment people were alerted was when they killed DejaNews.com But I said nothing, because I was not a Usenet user ...

Re:Don't do evil

[Jeff+DeMaagd]

Sometimes it helps to at least read the abstract. The complaint was about the speed.

"Since the middle of December... ...only now has Google itself managed to track down the villains and ban them from the service."

Another issue is Google's ad system being vulnerable to being bait and switched, even allowing advertisers any opportunity to do that seems a poor decision.

Re:Don't do evil

[Njorthbiatr]

Well I don't know if that's fast or slow.

I'm an investor not a software security expert.

Re:Don't do evil

[hattable]

How can they support their goal without revenue?

Re:Don't do evil

Google has to appear at least to protect their brand. But lets face facts, if your in the shit business expect to get some on you.

Re:Don't do evil

[CaptainDork]

Actually, Google's paradigm shift from "cool" to "fool" coincides with their date of IPO.

Shareholders are in it for the money and every other consideration is off the table.

Aggravating that shift is the shareholders' "me ... now" short-term vision of making infinite amounts of money in an extremely short period of time.

Look at Bezo's long term vision of making profits at Amazon at some distant date and the shareholders' diminished enthusiasm.

Talented employees who made those companies blossom, and who took low pay in trade for stock options, get pissed off after the post-IPO corporate assholes enforce standard hours, reduce perks, and shift the focus from R&D to revenue production.

Re:Don't do evil

[phantomfive]

There's a difference between generating revenue to meet your goal, and making your goal to generate revenue.

Re:Don't do evil

[Oligonicella]

Indeed. Higher on the lead page you'll find an article about Google having a team to search for MS bugs and outing *them* if they don't patch fast enough.

Re:Don't do evil

Actually, Google's paradigm shift from "cool" to "fool" coincides with their date of IPO.

Shareholders are in it for the money and every other consideration is off the table.

This is accurate. I think it's worth remembering that Google didn't want to IPO, they didn't want to become a public company, for exactly this reason. They knew they'd have to sacrifice their principles in order to appease external shareholders. Google was forced by the government to go public and they've been sliding downhill ever since. A few investment bankers got even richer, though, so it's all good.

Not a priority

[phantomfive]

Stopping malware is not a priority for advertising companies. The priority is to do whatever they can to help advertisers, because advertisers give them money. Money focuses people's priorities (including mine).

Re:Not a priority

Money focuses people's priorities (including mine).

This is something I find not so much disheartening as boring with the world. Among several hundred million humans brought up in Western cultures one would hope for at least some variety in thought, but there is in fact extremely little.

Re:Not a priority

[RogueyWon]

It should be a priority - because if it isn't, it will start hitting revenue. I'd gone years without using adblocking software, on the grounds that I knew a lot of sites I liked depended on advertising income.

When Yahoo! ads starting redirecting to ransomware-pushers a couple of months ago, I reversed my policy fast.

Re:Not a priority

[thsths]

> Stopping malware is not a priority for advertising companies.

> The priority is to do whatever they can to help advertisers, because advertisers give them money.

Yes, but there is a gap between the two statements. How about:

The priority is to do whatever they can to help malware (while only appearing incompetent and not actually evil), because malware spreaders are giving them money.

All I am saying that this is a very slippery slope. Google is most certainly helping to spread malware, and they are probably making money from it. And they could do more to avoid it if they wanted to...

Re:Not a priority

Malware spreaders aren't giving them money, gawd. These are typically:
a) Hacked third party servers (see openx source... yes an open source product), where the javascript is inserted in the ad unit...
b) Hacked Adsense and DoubleClick accounts where the javascript is inserted in the ad unit...
c) Botnets or EC2 services bought with stolen credit cards.

And the javascripts are designed to not trigger while inside the adsense/doubleclick ad review panel, and various other ad review processes. That's why the malware shows up for some people and not others, yet never gets seen by the people trying to hunt it down.

Re:Not a priority

Even if you're one in a million there's still a hundred other people like you.

Re: Not a priority

Several thousand, actually.

Re:Not a priority

[jafiwam]

> Stopping malware is not a priority for advertising companies.

> The priority is to do whatever they can to help advertisers, because advertisers give them money.

Yes, but there is a gap between the two statements. How about:

The priority is to do whatever they can to help malware (while only appearing incompetent and not actually evil), because malware spreaders are giving them money.

All I am saying that this is a very slippery slope. Google is most certainly helping to spread malware, and they are probably making money from it. And they could do more to avoid it if they wanted to...

Malware is the primary reason why I have aggressive ad blocking strategies.

I don't see ads on the internet.

If I never had to clean up some poor sap's computer of malware caused by ads, I wouldn't care about ads. I have the bandwidth to handle it. I just don't want my shit infected.

Re:Not a priority

[swillden]

Stopping malware is not a priority for advertising companies. The priority is to do whatever they can to help advertisers, because advertisers give them money. Money focuses people's priorities (including mine).

It is actually a priority. Google's ad-ranking system takes into account not just the revenue potential from an ad click but also "ad quality", a metric that considers various aspects of the ad, the site to which it links, and more, all related to the user experience. Because Google knows that it's important that when users click on a Google ad they have a good experience. Otherwise, they'll click less. Given that Google only gets paid when they click, that's directly bad for revenue. It likely also reduces the value of the ad to the advertiser, since users who do click may arrive more skeptical of what they'll find, and be less likely to buy. So advertisers will bid less, and that's bad for revenue.

To help the advertisers, Google provides feedback on what they can do to improve their ad quality metric, because it's one of two levels advertisers have to control how often their ad is shown (the other is how much money they bid for each click). Google also provides details statistics to enable advertisers to calculate their ROI from advertising on Google, which will quickly show the damage from any degradation in user trust in Google ads.

I don't know the details of what happened here, and although I could search the bug database to find out, if I knew the details I couldn't post. That said, I strongly suspect that what happened here is that the situation was more complicated than is presented in the article and that there were very good reasons why it took the Google ads team so long to address the issue. Because bad ads are bad for Google.

(Disclaimer: I work for Google, but don't speak for Google. My description of the ad ranking system is public knowledge and the rest is only my opinions.)

Re:Not a priority

[idontgno]

I'd gone years without using adblocking software,

Nobody ever went broke underestimating the intelligence of the American public.

-- H. L. Menken

Re:Not a priority

[swillden]

one of two levels

Er, I meant "levers". If only there were some way to see my post before it's submitted...

Re:Not a priority

[tlhIngan]

It is actually a priority. Google's ad-ranking system takes into account not just the revenue potential from an ad click but also "ad quality", a metric that considers various aspects of the ad, the site to which it links, and more, all related to the user experience. Because Google knows that it's important that when users click on a Google ad they have a good experience. Otherwise, they'll click less. Given that Google only gets paid when they click, that's directly bad for revenue. It likely also reduces the value of the ad to the advertiser, since users who do click may arrive more skeptical of what they'll find, and be less likely to buy. So advertisers will bid less, and that's bad for revenue.

Too bad that only applies to ads sold directly by Google Ads, and not say, DoubleClick or every other ad network Google owns and operates.

Re:Not a priority

[phantomfive]

Given that Google only gets paid when they click, that's directly bad for revenue.

That's a good point.

Re:Not a priority

[phantomfive]

It's based on the fact that if you don't focus on money with at least part of your time, you will not survive. Similarly, our culture has a huge focus on eating (we even stop work for that ritual). It has to happen to some degree.

Re:Not a priority

[swillden]

It applies to all pay-per-click ads. For impression ads the situation is less direct, but bad ads make impression ads less valuable to advertisers.

In the long run, this sort of issue is bad for Google, period. In many corporations the long run is irrelevant, but Google doesn't have to think that way because of its stock voting structure, and Google doesn't think that way.

system is not foolproof ...

[thephydes]

"Google says that AdSense content is “reviewed by real people and clever machines” before appearing on websites. But the system doesn’t appear to be foolproof." If you actually believe that it's foolproof, then you could well be labeled a fool. just sayin

Re:system is not foolproof ...

[SeaFox]

"Google says that AdSense content is “reviewed by real people and clever machines” before appearing on websites. But the system doesn’t appear to be foolproof."

Maybe their reviewers are in need to something to give them a mental boost so they can be more diligent. Or, possibly time to bring in some young blood on staff.

Re:system is not foolproof ...

[meerling]

Maybe they have too much 'young blood' and need some critical and skeptical 'old school'.
Age doesn't have anything to do with it, procedures and techniques on the other hand...

Re:system is not foolproof ...

The inattentive staff must be bored. Feed them spicier curry! That will perk them up.

Re:system is not foolproof ...

You would think it would be relatively trivial for a company of Google's expertise to set up a server farm dedicated to running adds in an automated test environment and dropping the ban hammer on any advertiser that it detects redirecting a user.

There is 0 - absolutely 0 - excuse for an ad to auto-redirect a user.

Malvertising?

I am both look younger and brain better than used to!

This is why I use adblockers

I do find a lot of adverts annoying, particularly the modern ones which autoplay video. But I might be persuaded to make exceptions for sites I find useful - except for this. Webserved adverts are basically a huge malware risk, and therefore I won't allow any. The ad vendors don't have the resources to check all of them properly or to deal with malware in a timely manner, and even if they did I wouldn't trust them to catch every problem.

Re:This is why I use adblockers

[houghi]

I hate adds since the moment they were around. I always have hated them and not only online. I hate them in the streets. I hate them on TV. I hate them on cars. I hate them on clothes.

And there is no way of turning them off. Except perhaps for North Korea, you will be bombarded by ads. Here a quote that I really like.

People are taking the piss out of you everyday. They butt into your life, take a cheap shot at you and then disappear. They leer at you from tall buildings and make you feel small.

They make flippant comments from buses that imply you're not sexy enough and that all the fun is happening somewhere else.

They are on TV making your girlfriend feel inadequate. They have access to the most sophisticated technology the world has ever seen and they bully you with it.

They are The Advertisers and they are laughing at you.

You, however, are forbidden to touch them. Trademarks, intellectual property rights and copyright law mean advertisers can say what they like wherever they like with total impunity.

Fuck that.

Any advert in a public space that gives you no choice whether you see it or not is yours. It's yours to take, re-arrange and re-use.

You can do whatever you like with it. Asking for permission is like asking to keep a rock someone just threw at your head.

You owe the companies nothing. Less than nothing, you especially don't owe them any courtesy. They owe you.

They have re-arranged the world to put themselves in front of you. They never asked for your permission, don't even start asking for theirs.

- Banksy

The issue is far worse and all we do is treat it differently because it has "On the internet" in front of it.

Re:This is why I use adblockers

[swillden]

I hate adds since the moment they were around.

Either you must be the oldest person alive, or you mean "since I was old enough to notice them". Also, the word is "ads", short for "advertisements".

Related to the Banksy quote, I'd say that ads on the Internet are even easier to control. Just install AdBlock. No, it doesn't get all of them, but it comes close.

Re:This is why I use adblockers

I hate adds since the moment they were around. I always have hated them and not only online. I hate them in the streets. I hate them on TV. I hate them on cars. I hate them on clothes.

Would you like them in a house?
Would you like them with a mouse?

Only a month?

Couldn't let the shit spin around on the fan much longer? Come on, it would have been fun to watch.

SOME visitors

[TheCarp]

That shit doesn't happen to me because I run requestpolicy. When I load up site X.Y.Z and it says "Here load content from a.b.c" It....doesn't load unless I manually approve it. For all sites all the time, and google....almost NEVER gets the approval unless absolutely required.

Re:SOME visitors

This is why Javascript sucks fucking balls. XSS attacks like this are so common it's not even funny.

Re:SOME visitors

[amorsen]

And then you try to open a mainstream news site, like the Washington Times article linked to earlier, and you are presented with a full-page list of sites the page wants to load content from. It turns out the CSS one is washtimes.com, and that is all that was actually required.

I wish requestpolicy would label links by how they got pulled in (CSS, image, script...)

Re:SOME visitors

I wish requestpolicy would label links by how they got pulled in (CSS, image, script...)

I am not familiar with requestpolicy, but this seems like it would be pretty trivial to do. Is it just that the all-or-nothing from site X is simply easier?

Re:SOME visitors

[TheCarp]

Yes this would help a lot, especially for videos though, a lot of times, I just give up and move on, or put up with finding the text in the middle and reading it with no formatting.

You can't expect google to know everything,..

[Black+Copter+Control]

oh, wait!

Don't trust Google

Google is not to the point I consider them evil. But I do see where their loyalty is and that is with advertising. Their bread and butter so to speak is ad revenue.
If that is your money maker you have a conflict of interest on protecting privacy and with that users. I'm sure Google convinces itself as Facebook does that their is nothing wrong with sharing a little information about what you do on the internet. After all, they figure that if they provide you with services like Google provides, and a social web site as Facebook provides for "free". That in return they can use some personal information of yours to make money. Now, for me I don't really care, I don't use Facebook or any social site, I only use a couple Google products and don't provide Google with anymore then minimal personal info. So for me, I do not care other then the re directs were more of a annoyance then a privacy issue for me. I guess if it bothers you that much just do not use any services from Google or a social site that provides free service for your info in return. You can also use browsers out there that do better at protecting your information. Stop whining and do something about it, if your privacy is that important.

ongoing

[slashmydots]

And yet nothing is done about the 10+ year ongoing fraud from iyogi and other pretend support companies. Go ahead, type "Hp support" or "microsoft support" or "samsung support" into google and look at the ads.

Add these to your hosts file

0.0.0.0 lemode-mgz.com
0.0.0.0 securevoluum.com
0.0.0.0 wan-tracker.com
0.0.0.0 consumernews247.com
0.0.0.0 hfrov.voluumtrk.com
0.0.0.0 voluumtrk.com
0.0.0.0 dwynne728us.wan-tracker.com
0.0.0.0 adwynne728us.wan-tracker.com
0.0.0.0 track.securevoluum.com

Per my subject above: Once they're blocked that way, no problem...

* DATA SOURCE -> http://blog.sucuri.net/2015/01...

APK

P.S.=> To get even more comprehensive security vs. threats like this & many others (as well as more speed from adbanner blocking + hardcoding favorite sites @ the TOP of hosts files, which also give you more reliability + safety vs. downed DNS, redirect poisoned DNS, & DNS amplification attacks)? This is the ticket to that:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

(Details of the above enumerated benefits are listed in the link page...)

Enjoy - it's 100% free, & NO OTHER SINGLE "so-called 'solution'" does more, with less!

The BEST in the security antimalware & antispyware business currently, http://www.av-test.org/en/news... per that VERY recent test's results, host & RECOMMEND my program for hosts -> http://hosts-file.net/?s=Downl...

... apk

They let this crap continue

[xaotikdesigns]

yet they'll close out my account and ban me for life without ever even telling me why...

They're pretty quick to out Microsofts Bugs

[Timmy+D+Programmer]

You would think they would be more diligent with their own security issues.

It is a shame

I would love to enable ads on some sites to support the things those sites do. However, with stuff like this that continues to plague online advertising, there is just no way I can.

Mod parent up, please!

[billstewart]

Exactly my reaction.

Abusing Zedo and Doubleclick Ads

[billstewart]

I was ok with Google ads, because they were just a little box with some text links, no bulky images, no animation, no Flash, and if there was any Javascript in it, it was well-written and not a resource hog. (Eventually I gave up and let AdBlockPlus block them too, because collateral damage was easier than special-casing them.)

But Zedo, the folks with popunder windows? Kill them with fire, put all their domain names in /etc/hosts as 127.0.0.2, tell Firefox to block images from them, and block Javascript and Flash from anybody I could identify using a Zedo ad. (Same for X10.)

Doubleclick was an early ad company, and as far as I could tell, before Google bought them their slogan was "Be Evil. Buy Ads from the Dark Side, We've Got Cookies!" so I'd been blocking them in /etc/hosts for a long time.

So if Bad Guys were putting even more malware into Zedo and Doubleclick, that's just a reminder that blocking aggressive advertisers is a good idea.