Why is Google Running Ads for Known Malware Sites?
Posted 11/13/08 at 03:00:00 PM by Alex Castle
Comments
Print
Email
While researching an antivirus article here at Maximum PC, we noticed something very curious: a Google AdWords link
|
|
called “Antivirus xp 2008,” which led to the url “antivirus-world-2009.com.” (Don't go there)
Anyone who’s been paying attention during the last year or so know that "Antivirus xp 2008" is the name of one of the most widespread and obnoxious bits of malware floating around the internet. It hides itself in your system and launches a bogus antivirus program at intervals to warn you that you’ve got spyware and trojans and the sky is falling. Then, it recommends that you buy the pro version of the program, which presumably also does nothing except rip you off. The virus is frequently updated to evade malware removal tools, and is just generally a pain.
So why is Google advertising for it? It’s not exactly tough to figure out that the site is hosting the virus; the link is called “antivirus xp 2008” after all. Well, maybe we should say that it’s not tough for users like us to figure out that it’s a virus—we suspect that less-experienced surfers (our moms, for instance) could very easily be duped into clicking the link, particularly if they were already searching for antivirus software.
And there’s reason to believe that Google knows the site hosts malware. We know that Google purges so-called “attack sites” from its index, and when we searched for “site: antivirus-world-2009.com,” which ought to turn up all pages at that domain indexed by Google, we got zero results. This isn’t conclusive, of course; there are other reasons that a site might not be indexed by Google, but it is suspicious. Malware-hosting sites are generally designed to try to climb to the top of the Google results page, and it’s probably safe to assume that a site that advertises with Google would be search-savvy enough to get its page indexed, if it weren’t blacklisted.
So what’s the deal? Are cases like this simply oversights, or is it Google policy not to subject its advertisers to the same scrutiny that the rest of the web undergoes? A Google spokesman responded to this question in typical form, saying "Google is committed to ensuring the safety and security of our users and our advertisers. As soon as we are aware of any violations of our policy, we work quickly to investigate and remove sites that serve malware in both our ad network and in our search results. As such, we've removed this site from our ad network."
Us? We're not totally convinced. It seems like there's more Google could be doing more to insure that its advertisers aren't trying to hurt its users, and that it ought to be performing those checks before it hosts the ads.
Let us know what you think in the comments section.
ISP's
Submitted by hempychick on Tue, 11/18/2008 - 1:15pm
If you find these sites that start the download of this virus, ping the site and look it up at a dns lookup site, then report it to the ISP's so that they can get it shut down. These are the companies that should be taking responsibility. Usually they have these sites shut down within a few hours. http://runholy.com/?p=92 , http://atlastmylove.com
Submitted by ubuwalker31 on Sat, 11/15/2008 - 4:35am
There is a simple solution to this problem: Don't click on any ads. Period. Educate your family and friends about computer virus' and safe computing practices. Use Firefox with AdBlock Plus and FilterSet G Updater. Install ClamWin and Avast! to protect yourself against virus' that do get through.
Submitted by innocentbystander on Fri, 11/14/2008 - 11:07am
Use Malwarebytes' free
Anti-Malware
software to get rid of it
http://www.malwarebytes.org/mbam.php
Submitted by plumcider on Fri, 11/14/2008 - 10:05am
I just got rid of Smart Antivirus 2009, created by the same people that brought us all those other lovely antivirus/antispamware malwared. It took me three days of picking bits and pieces from my registry, and I had to reformat my harddrive--which it repeatedly tried to thwart, by the way--losing all of my data.
Right now, I want to know who to prosecute. If Google is, indeed, advertising these sites, I would like to hold them culpable, as well.
If you search something
Submitted by HarmonicShadow on Fri, 11/14/2008 - 12:42pm
If you search something pronographically related and you come across a page with groups.google.(insert end here), you'll get a page and when you click the link on that one, you'll get directed to some place like PornoTube to download the Zlob, Renos, whatever trojan or some rouge program. Google may be in cahoots with the malware makers, which they probably are, but maybe the deal went that instead of paying for our fake licenses to software that does nothing, why don't you advertise our software and make us more money? My theory is that Google doesn't care about comp safety at all and that they serve up the fakers just so that the malware people make money and leave google alone. It's like appeasing Hitler, it didn't work. My guess is that the malware might just go off, hack google, and end us for good.
-------------------------------------------------------------------------------------------------
Bill Gates: "What's that?"
Steve Jobs: "It's an iHouse."
Bill Gates: "But there's no Windows."
Steve Jobs: "EXACTLY!"
Submitted by Farbles on Fri, 11/14/2008 - 9:47am
I got my Google Ads cherry popped a couple of months ago when I saw a Google Ad for bulletproof bulk email hosting. I somehow can't imagine reconciling supporting spam resources with "do no evil" and I don't think Google even tries. It's crap and they're just on the take. This is the reason my domain passed on getting Google Ads, since who knows what ads for nasties might have made it on to our pages from Google.
Pain the ass
Submitted by digital demon on Fri, 11/14/2008 - 9:28am
I deal with customer computers infected with Antivirus XP at work all the time. It is a royal pain in the ass to get rid of.
I've been wondering how so many people can repeatedly get infected with the same virus, but if Google is hosting a link to it I guess that answers my question.
Submitted by aeguser on Fri, 11/14/2008 - 9:11am
Our companys google adwords account was hacked a week ago and someone put a campaign for this exact ad and put a limit of 10,000.00 a day. The campaign racked up thousands of dollars before I realized what had happened. I emailed google and after 4 days or so, they responded and took care of the problem and we did not have to pay for the irronious charges. Not sure why google approved the ad in the first place, it was obviously a Russian ad that was a malware antivirus site.
Submitted by Geoff on Fri, 11/14/2008 - 8:40am
Congratulations, you've been infected with a trojen called FakeAlert. This is not Google placing adds for a malware site. This is an injected script that adds HTML to the code that you've downloaded. I suggest doing a little research before placing blame. this Trojen was written in Russia and does not infect any systems with Russian set as the prefered language. Should you be interested in learning more about this trojen and what it does, please visit McAfee's site or Sophos' website and search for FakeAlert.
Submitted by kclemons on Fri, 11/14/2008 - 9:14am
DescriptionTrojan.FakeAlert
consists of files that cause false warnings of spyware on the computer.
Usually the alerts are displayed in a balloon type pop-up from an icon
in the system tray.Add. DescriptionTrojan.FakeAlert
displays these false warnings when rogue security software is
installed, usually by exploits, and is used to frighten the user into
buying the rogue software.The article says they google had ads for the malware websites that installed these malicous programs. FakeAlert has nothing to do with changing the google ads you are reading, which is what you are describing.
http://research.sunbelt-software.com/threatdisplay.aspx?name=FakeAlert&threatid=43521
Has anyone checked?
Submitted by Talcum X on Fri, 11/14/2008 - 8:37am
Can we find the same ads (or sponsered links) in any other search engine? Google may not be the only one cashing checks.
***********
Every morning is the dawn of a new error.
"In Ireland, there are more drunks per capita than people." - Peter Griffin
Submitted by TeMerc on Fri, 11/14/2008 - 7:10am
You should spend some time in Blogspot. I've been tracking malware there for months and other more respected researchers evern longer.
I've submitted sites to them for removal and while they kill those blogs, they don't block the sites the blogs are re-directing users to. And they're always the same sites, time and time again. At any given moment there are literally hundreds of malware pushing sites on the Blogspot domain.
But if Google fixes it, there won't be any blogs on Blogspot. Betweeen the spam\blog farms(splogs) and malware pushing sites they wouldn't be able to make a dime.
The latest foray can be found here:
http://www.temerc.com/forums/viewtopic.php?f=27&t=5940
I've just checked and they're now pushing the latest rogue, Virus Trigger.
And Google knows how to block these re-directs too.
Google is all about the money and nothing else. Stay away from Blogspot.
Google itself is half virus......
Submitted by ghot on Thu, 11/13/2008 - 8:11pm
..so why would they be bothered if their kissing cousins wanted a link to their malware on a google site.
Ever try and un-install Google earth.....I've HAD viruses that were easier to rremove.
Submitted by Spider-Mom on Thu, 11/13/2008 - 5:57pm
I think its pretty obvious at this point that Google doesnt give a sht about its users. Any one who thinks otherwise might want to question what it planns to do with its Galactabytes of personal information it keeps and never purges about peoples searching habits and redirects. Those records are attached to IPs that can one day personaly ID you and everything youve ever searched for on Google.
Its a feaking search engine. Get over it already.
Submitted by Queenof1 on Thu, 11/13/2008 - 3:33pm
Now that Google's been put on blast, will the malware ads cease?
Submitted by ixianradeon on Thu, 11/13/2008 - 2:02pm
Why do companies and or software packages like that exist. I mean could there not be a agency or something that stops those kinds of attempts to hurt others. I think malware and stuff like it has reached the point where we can not just rely on spy ware checkers to remove it, a preemptive measure should be taken.
Submitted by dcrail on Thu, 11/13/2008 - 12:55pm
"Why is Google Running Ads for Known Malware Sites?"
My first guess would be that their check cleared.
Must Read Articles
Feature
Review
Feature
Feature
Feature
Most Popular Articles
This Month's Issue
FEATURE Windows XP/Vista/7 Tips!FEATURE Monitor Roundup: 7 LCDs ReviewedHOW TOMaster PhotoshopFEATUREAMD's Awesome New GPUWHITE PAPEROrganic LEDs
Technology News
Computer Cooling Fans
Computer Cases
PC Game Controllers
PC Games
Computer Hardware
Headphones
MP3 Players
Stream Video
Computer Mouse
Monitors
Motherboards
NAS Storage
Networking
Laptop Computers
DVD Burner
Digital Cameras
Portable Storage
Computer Accessories
Smartphone
Antivirus Software
Sound Cards
Speakers
Computer Systems
Thumb Drives
Video Cameras
Video Card Reviews
Water Cooling
Gadgets
- Keyboards
© 2009 Future US, Inc. All Rights Reserved.