Google Text Ads For Known Malware Sites
Posted by kdawson on Fri Nov 14, 2008 08:54 AM, from the not-evil-no-sir dept.
notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Notify the end users (Score:2, Interesting)
Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?
Re:Notify the end users (Score:5, Insightful)
That might violate the google/website contract. However, that's not the issue here. Google is running ads with links to malware sites, not ads on the malware sites (though they probably do that too).
What Google should really be responsible for... (Score:5, Informative)
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
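The referrer-conditional redirect described in the comment above can be checked for by requesting the same page with and without a search-engine Referer and comparing the responses. The following is an added example, not part of the original thread; the probe Referer values, the hosts `victim.example` and `landing.invalid`, and the `hijacked_site` stand-in are constructed for illustration.

```python
"""Added example: detect referrer-conditional redirects (constructed data)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Referer values to probe with; None means the URL was visited directly.
# These are assumed, illustrative values, not taken from the thread.
PROBES = {
    "direct": None,
    "google": "https://www.google.com/search?q=example",
    "yahoo": "https://search.yahoo.com/search?p=example",
    "msn": "https://search.msn.com/results.aspx?q=example",
}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it


def http_fetch(url, referer):
    """Real fetcher: (status, Location or None), redirects not followed."""
    req = urllib.request.Request(url)
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx, 4xx, 5xx
        return err.code, err.headers.get("Location")


def check_url(url, fetch=http_fetch):
    """Return the probes whose response differs from a direct visit."""
    baseline = fetch(url, PROBES["direct"])
    site = urlsplit(url).hostname
    findings = []
    for name, referer in PROBES.items():
        if referer is None:
            continue
        status, loc = fetch(url, referer)
        if (status, loc) == baseline:
            continue  # behaves the same as a direct visit
        target = urlsplit(urljoin(url, loc)).hostname if loc else None
        findings.append({
            "probe": name,
            "status": status,
            "redirect_host": target,
            "off_site": target is not None and target != site,
        })
    return findings


def hijacked_site(url, referer):
    """Constructed stand-in for a compromised server (no network needed)."""
    keywords = ("google", "yahoo", "msn")
    if referer and any(k in referer.lower() for k in keywords):
        return 302, "http://landing.invalid/scan"
    return 200, None


def clean_site(url, referer):
    """Constructed stand-in for an unmodified server."""
    return 200, None


if __name__ == "__main__":
    for label, site in (("hijacked", hijacked_site), ("clean", clean_site)):
        print(label, check_url("http://victim.example/", fetch=site))
```

This only sees redirects issued at the HTTP level; a page that redirects through a meta refresh or script would need the response bodies compared as well.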
Re: (Score:3, Interesting)
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
That's one thing I don't understand: If I can either refuse to send an HTTP Referrer header or forge it to always point to the site's index page (I use the Firefox RefControl extension but there are others that do the same), certainly Google can do this and avoid that entire set of problems. In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of
Re: (Score:2)
In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of a user it's useless or nearly useless; if I thought Webmasters needed to know the site I went to before I visited theirs, I would send them an e-mail to tell them.
It's useful for bandwidth control; if some other site is leeching content, you can block/redirect requests from that referrer.
The only real alternative at present (that I'm aware of) is to replace any images or files with something that's harder to inline into another site's content like a Flash gallery. We've already gone too far that way; no need to give sites another excuse.
Re: (Score:2)
Re: (Score:2)
A lot of cgi is protected by not accepting connections from anywhere other than the localhost, because you don't want people accessing scripts in ways other than those you expose. As a first line of defence it's quite useful. You must be able to control the input as much as possible. None of my mySQL DBs are accessible outside localhost for example (although that doesn't rely on headers, it's hard coded in the connection string).
Yeah, but you can't safely do that using the referer header, since the attacker can send anything they want (including localhost). You need to look at where the connection is actually coming from.
Re: (Score:3, Interesting)
Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.
It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).
Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
Nice idea but impossible. I work in a google adwords qualified company and we ourselves create thousands of google ads per day. And we aren't the largest company in the country by any means. And the country is smaller than most states of USA...
The amount of ads is mind boggling.
Google employees checking every single one periodically? That is impossible. Also, why not demand that Youtube employees would watch through every video?
Now... Did Google do something wrong? Perhaps. If they delivered ads to location t
Re:What Google should really be responsible for... (Score:5, Interesting)
Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.
That's easier said than done. Here are some reasons:
Is there a demand for guides in the bad places? (Score:5, Interesting)
I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?
There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.
Re:Is there a demand for guides in the bad places? (Score:4, Informative)
Re: (Score:2)
box.sk has a porn search!?
Re: (Score:3, Insightful)
http://astalavista.box.sk/
Yeah, that used to list the bad places. Now it mostly lists the awful ones.
Re:Is there a demand for guides in the bad places? (Score:4, Interesting)
Fair question.
In my day job I work for the Internal Revenue Service. Years ago, I helped prototype a "lead development" process looking for tax non-compliance in entities that promoted themselves online. (Nowadays, that's everybody but not back then.) We started out looking at porn, hate peddlers, and rogue CPAs who dispensed bad advice (whatever you wanted to hear) for hefty fees. The CPAs were easy to find but the porn and hate guys? Not so much. You'd be surprised how many wholesome Midwest couples supplement their income by making beast porn and not paying taxes on their receipts. And if you think any of the white supremacist groups or similar wack-jobs out there actually comply with tax laws, I would like to tell you different.
The problem was that when we tried to find these dodgy porn sellers and hatemongers, they were tough to find. A search engine that actually had useful results would have been a good thing.
In other matters, I can remember when cjb.net was filled with not just awful porn but also cracker sites containing useful nuggets of tech information. They were also infested with whatever malware was around. At that time (What was it? About 5-8 years ago?), Google did index them. But I can easily imagine a need to get to similar neighborhoods today and finding that search engines are reluctant to point you to their malware-laden pages.
It hasn't been my job to poke around in such places for a long time but I think it's obvious that there are legitimate reasons to do so.
Google doesn't filter much. I know that there are lots of sites that simply don't appear in their results but I have no idea whether Google purges those sites because of potentially illegal content or if the sites themselves are opting out of being crawled. But no matter the cause of non-appearances, there still don't seem to be any search engines I know of that do a good job of indexing the content they have for these types of sites.
For example, in the situation I described a couple of paragraphs ago we found that the hate sites were very hard to track until we realized that long before we got interested in them, there were other people (namely, their victims) who had a huge interest in cataloging them. The Anti Defamation League catalog of hate sites was a gold mine, an absolutely invaluable resource. They had compiled their catalog by talking to victims and dealing with the bad guys. Trying to compile the same sort of catalog from Google results would be very, very difficult. (To be fair, back when I was doing this I mostly used HotBot and NorthernLight; this isn't a Google-specific complaint.) We started from the ADL catalog and spidered out from there, essentially building our own search database. It would have been nice if someone else had already done the work for us.
Besides, what's wrong with occasionally proving Rule 34? :-)
give 'em a break (Score:5, Insightful)
To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?
This is NOT "stuff that matters"
News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!
Re:give 'em a break (Score:5, Insightful)
You can't expect them to check every single link on every single page in real time.
I could easily set up a page that waits for a visit from the google page-checker then modifies itself to contain bad stuff. That would give me a window of attack.
Re:give 'em a break (Score:5, Insightful)
You guys are missing the point. It's not a matter of humans checking each link and making an oversight. It's a matter of Google accepting ads from sites that its magical filtering system knows for a fact are spam sites/link farms/malware etc. If they didn't accept ads from sites that their database knows to be not so great websites then there wouldn't be any oversight. Computers don't make oversights so the only way this could have happened is if Google decided to apply a different standard for filtering their advertisers than they do to regular webpages.
Re: (Score:2)
Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?
If one were so inclined, one might, without any conspiracy theory or other leaps of unlogic, consider "one instance" to be "the first time they got caught,"
Re: (Score:2)
Actually, Google probably just realized the truth: People actually click on search results. Ads, not so much.
Eliminating the malware from search results is far more important.
Re: (Score:2)
I'd be pissed off.
Everyone else can tell me where the local dealer is without me having to pay them for the information ;)
Smoke, no fire (Score:3, Insightful)
A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.
Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.
Re: (Score:2)
Exactly, just because Google blacklists malware sites does not mean that all sites that aren't indexed by Google are malware sites.
That said, "antivirus pro 2009" and several other variations used to be advertised a few days ago, as well. I had to clean that crap off a machine in a remote office because the user got nailed by some fake UPS spam and our corporate antivirus (McCrappy) didn't prevent the install and didn't see the infection on the daily scan, only blocked the IE hijacking.
GoogleAds should moderate themselves more. (Score:3, Interesting)
Just for kicks, one day, I tried adding an Ad-Sense banner on my blog. Googlebots saw that my article talked about Ukraine & Russia. You know what google ads showed up?
"Meet and marry Ukrainian girls!!"
"Hot, sexy Russian women looking for single american guys!!"
Useless to say I immediately removed all google ads right away. My blog is now back at 100% Ads-free. Not that I would get any revenue from it anyway.
Re: (Score:2)
I looked into it and I don't recall this... I recall being only able to block specific websites from showing their ads.
But who knows how many of those "marry a russian" scam artist websites exist, and where they are really located.
Because you know they're scam sites right, not just poor taste websites.
They try to create a love relationship with the "client" by email, and eventually ask the client to pay for the Russian women to take an airplane and visit him in person so that they can finally meet. Of co
Re: (Score:2)
I'm glad they gave you net access in the pokey, Hans...
(What? Too soon? :) )
But no one ever clicks on the ads (Score:4, Insightful)
So why worry?
At least this way the malware companies pay someone and end up infecting no one.
Seriously have YOU ever clicked on an ad?
I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
And that's after about two thousand visits to the site and maybe 200 downloads!
Here is my 'required by google' policy on the ads:
http://gentooxo.org/disclaimer.shtml/
So useless are the ads that I am thinking I will simply drop them...
Re: (Score:2)
Oops, link should have been: http://gentooxo.org/disclaimer.shtml
Re: (Score:2)
There. You've got a click. Happy now?
Re: (Score:2)
Not if you got infected.
Although Google does promise that they use your site's Google index rating to select the ads and in the case of GentooXO, that would mean things that have to do with the OLPC, so there is almost no chance malware writers would write ads for this segment...
I use ad-blocking techniques, so every time I check the site I see no ads at all but the few times I have seen it from someone else's computer, the ads DID seem targeted to the OLPC, which is so
Re: (Score:2)
2k total visits? You need a lot more traffic to make use of ads. I would think something along the lines of 2k a day. Even then it's not a lot.
Re: (Score:3, Interesting)
I helped put Google Ads on a site my brother runs... http://www.scoutingresources.org.uk/
We get enough money from the ads to host the site (which has some pretty hefty bandwidth needs at the moment but we have a very charitable host who does us lots of favours) and run a couple of camps for the Scouts every year. The clickthrough ratio is the same as my own sites, about 0.30%, but the number of visitors means it's actually profitable. Of course, we get that amount of visitors but being useful, prevalent
Re: (Score:3, Interesting)
Progman3K,
Your target demographic is people who want something for free. Do you really expect them to click on ads for stuff that costs money?
Re: (Score:2)
I just added ads to my site and I've already paid for half of my hosting in about a week. I think the problem is your target demographic: Linux users. Most of them are obviously quite knowledgeable about things like Firefox, Adblock, Opera, Noscript, etc. My site kind of falls in between with video games. There are knowledgeable people and then there are just kids doing kid stuff.
Plus 2000 hits is not that much, click through ratio is really not that good for any site, your sample size is just not that
Re: (Score:2)
Even though your project looks pretty cool, I'd be surprised to hear you get much traffic. And ad clickthroughs are small (even at the best of times)... like 1% of users will even LOOK at the ad. Of those, only a few percent will click.
What you describe is a teeny tiny micro-niche site. I mean, come on...
A do it yourself, operating system for a laptop that's not readily available to the general public?
(You might be able to buy one during the once-a-year buy-1-get-1 sale... and even then chances are good
Re: (Score:2)
Bah, it doesn't matter!
I wasn't doing it for the money anyway.
I will remove the ads. Felt cheap putting them there to begin with.
For the record, my G1G1 OLPC was ordered in mid-November and was received in late January.
It has a defective keyboard (which I can fix) but otherwise it is a great little machine. I am just worried about playing around in there (my big hands) since it is the only unit I have.
Re: (Score:2)
No. And I never installed Gator or the Comet Cursor toolbar either.
Re:But no one ever clicks on the ads (Score:4, Informative)
Ah, but in the contract you must accept with Google, they explicitly forbid you to do anything to attract attention to the ads, which does sort of make sense...
All that and a poison apple, might as well remove the ads entirely.
Re: (Score:2)
You can pretty much put them wherever you want as long as you don't go "HEY! CLICK ON THESE ADS!" Really, the only limitation they have is don't tell people to click them and don't put anything directly above the ad besides something like "Sponsored Links".
Re: (Score:2)
Must be your target-demographic...
Obviously (in my case) only geeks and nerds would visit (YAY Geeks and Nerds!)
In your case... You didn't say what your blog is about, it would be interesting to note the difference.
Google doesn't give a damn as long as they're paid (Score:4, Insightful)
You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:
"spybot": 3 sidebar, 1 at the top.
"adaware": 3 at the top
"ad-aware": 1 sidebar, 1 at the top
I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.
Slashdot Posting Known Spam Stories (Score:2)
It seems like half of the stories here are posted for us to go through the same gratuitous cycle. A halfway baseless article criticizes or praises a company that for some reason a lot of us like and a lot of us dislike. A lot of people post about the article proving that the company is evil. Other people respond and defend the company. A few posts on either side are reasonable and balanced. A few are reasonable and unbalanced. Most are just a big pile of poorly concealed flame. Then we repeat in 90 m
to "do no evil," they should first check 'em out (Score:2)
and if the links go to EvilLand, send the deposit back, and notify SpamHaus and the other badware trackers.
Re:Responsibility (Score:5, Insightful)
That doesn't sound like a blind eye.
Quit trolling
Furthermore it's a fine line between due diligence and big brother. Especially in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. It's very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.
Re: (Score:3, Informative)
It's very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.
/sarcasm on /sarcasm off
Yes, I am sure that with all the smart people at google it never occurred to ANYONE that maybe it would be a good idea to use that spam/malware site filter on adwords. It's not like those are two of the most well known groups at Google or anything.
Google has been selling ads to link farms forever even though it (attempts) to filter them out of search results. It is their policy to do so even though they do everything they can to lower their rank in regular search results.
It would be
Re: (Score:2)
One thing I can never figure out: Gmail's spam filter is awesomely amazingly accurate. In the years I've had my gmail account, I think maybe 3 spams have made it through, and I've had 0 false positives.
Given that, why can't they apply that same well-learned spam filter to their ad words? An email subject line and an ad-words tag line are not all that dissimilar. It might cut down on the 99.9% of crap that comes through along the lines of "make 40k per month", "looking for [insert term]? find it here!", a
Re: (Score:2)
No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.
Re: (Score:2)
No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.
How is that blind?
Crack heads get thirsty too.
Re: (Score:2)
They're not your more ideal customer....
Re: (Score:2)
Hmm... within context, which Coke? =:^)
But really, as long as the customer isn't causing image problems for a company, most don't and shouldn't care /where/ their customers come from, or /what/ else they may do or buy or whatever.
And realistically, a Coke sign in a crack house is likely to have been ripped off from a bar or some such (maybe the bar tender was a customer and traded the Coke sign in for a hit?), or maybe somebody just thought it looked cool and bought it, like any of the other thousands of su
Re: (Score:3, Insightful)
I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.
"You are infected with a malware that you picked up because of your browsing habits"
Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site.
As they said, infected due to your browsing habits.
If you were running an ad blocker, you couldn't have been infected by an ad. It almost certainly required scripting, with a good chance it required cross-site scripting, as well. Thus, scripting off by default, regardless of your ad viewing preferences, would have stopped it in most cases, and even if you had that mainline site whitelisted, the malware site it tried to load stuff from would have fallen into the no-scripting default and thus would have bee