Google Deletes Rogue Ads, Dangers Persist
An anonymous reader passed us a link to a PC World article about attempts by Google to curb malicious ads via their popular service. The article is somewhat bleak, though, because researchers see the fix as nothing more than temporary. "'Search engines are just too easy a target for bad guys,' says Roger Thompson of Exploit Security Labs. On April 25, Exploit Prevention Labs reported that malware distributors were using advertisements placed via Google's automated AdWords system to infect unsuspecting end-users with spyware designed to capture bank login user names and passwords."
Adwords has poor service. (Score:5, Informative)
no it doesn't. (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
They are all vulnerable (Score:3, Interesting)
The ad itself looked like a blue, medical stock template with a nonsensical press release inside of it. It didn't look like an ad, but an unprofessional scam. Well, my antivirus went off either at that page, or when I clicked to investigate it. The home page itself consisted exactly of that same type of garbage.
So, Google Ads are dangerous because they take you to web sites of hundreds of thousands of third-party web sites nobody heard of before. AdBrite sticks those pages right into the ad so you can be infected even without clicking on anything; and because of that, you're screwed even if you have ad-blocker software, because those ads are pulled straight from the advertiser's web sites.
M$ Search is Worse. (Score:3, Informative)
Microsoft's search excels in spreading malware [theregister.co.uk]. How's that for cold water on this Google slam?
Re: (Score:2)
Slam? (Score:1, Troll)
How's that for cold water on this Google slam?
So reporting an issue is a "slam" now? That is, unless it's about "M$", right?
"This is bad, but look over here, some more bad stuff and creative spelling!!"
I bet you're a big fan of Faux News.
Slam and Advert (Score:4, Insightful)
The Bungi Troll asks:
So reporting an issue is a "slam" now?
Yes, it's a slam if you only report half the issue. All of the search engines have this "problem" and M$ has it worse than others. The unmentioned root cause of the issue is a crappy browser and OS that's easy to exploit, yet somehow it's all Google's fault. That is a Google slam.
This is par for the course in the Wintel press world. The article ends up being an advertisement for Site Advisor, which is just another Windoze band-aid. The reporter who wrote this article needed to do some more research. Because they did not, they ended up slamming Google.
Re: (Score:2)
http://slashdot.org/~twitter [slashdot.org]
Yes, it's a slam if you only report half the issue.
So that's a bit like talking about botnets and your desperate denial of the existence of Linux botnets with tens of thousands of machines?
The unmentioned root cause of the issue is a crappy browser
They don't have to "mention it", because the root cause is an unpatched crappy browser. Quite a different thing.
Re: (Score:2)
Tens of thousands?
I don't really know about that, but let's take that number at face value and compare that to what Vint Cerf has calculated: he figures that 1/4 of all Windows clients are bots.
http://arstechnica.com/news.ars/post/20070125-8707
That's 150 MILLION machines compared to your purported "tens of thousands". The Bible says something about removing a log
Re: (Score:2)
Having s
Re: (Score:2)
"dared someone to provide proof that any "GNU/Linux" machine was in a botnet."
Well, that's just silly. If I want amusement, I'll put SSH back on 22 and watch the bots hit the logs.
"It's interesting no one else bothered to question that number."
That number is plausible to me. Most people are running around with expired AV and Anti-Spyware, which is _worse_ IMO
What is your problem? (Score:2)
This really goes back to an incident where "Erris" here (actually his other suckpuppet account) dared someone to provide proof that any "GNU/Linux" machine was in a botnet.
You are putting words into my mouth or someone else's. From other comments you've made, I'd say you were doing it on purpose as part of your pathetic Microsoft defense.
The truth of the matter is very simple. GNU/Linux comes out of the box spyware and malware free and is easy to keep that way. Windoze comes loaded with spyware an
Re: (Score:2)
I can't imagine why anyone would actually say that other than not knowing any better or being paid to spew retarded FUD about Microsoft.
Re: (Score:2)
Deny what, flocktard? That "Windoze" comes "preloaded with spyware"? Whoa, that's going to prove just damn hard. I can't imagine why anyone would actually say that other than not knowing any better or being paid to spew retarded FUD about Microsoft.
I love how you losers get all angry when people say bad things about M$. What have they ever done for you?
Re: (Score:2)
And you smell funny.
Other than that, you are free to say all the "bad" things you want about "M$". Just don't be surprised when someone questions your FUD.
Users should run servers. (Score:2)
you run sshd on any port other than 22 ... Joe and Josephine User don't run services, or at least shouldn't. Gone are the days of Linux shipping with tons of services turned on by default - they must be configured and started by the owner.
Off by default is a good policy but people should be encouraged to share and the ability to do so without being screwed is one of the biggest benefits of free software. OpenBSD's sftp is excellent and well implemented on GNU/Linux systems. It can only be brute force at
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Wow, more than five modpoints wasted trying to eliminate this thread. I'm flattered by the attention, but annoyed by people not getting to read about how Microsoft's search engine is worse [theregister.co.uk] and how none of this would be a problem if IE and Windows were not such sorry systems.
Jackass (Score:2)
Google has killed less people than Stalin. I guess news about problems with Google's setup aren't relevant at Slashdot...
Re: (Score:1)
Google has to require link = real destination (Score:5, Interesting)
This vulnerability in AdWords exists because Google made them "reseller-friendly." That needs to stop.
When you click on a Google AdWords ad link, the link goes to Google, not to the destination site. Then Google's ad link server looks at the URL, logs the click, and does a redirect to the site specified by the advertiser. That isn't necessarily the destination shown in the Google ad. It's often some "ad broker" or "affiliate", which wants to see the click event for "tracking". That's what created the vulnerability. Attackers can buy ads for "Bank of America" and have them redirect to "slimeballcentral.biz".
Google does check, when the ad is purchased and occasionally thereafter, that the link sold with the ad eventually redirects to the purported destination, or what Google calls the "landing site". But that's not good enough any more. Attackers can create ads which attract innocent users, run them past the attacker's site where the attacker gets a shot at them, then direct them invisibly to the destination. That's how this attack works.
It's time to cut the middlemen out of the loop. Google ad links need to go directly to the destination site, only. "Ad brokers" and "affiliates" will have to use Google's own ad tracking numbers. This might require outside auditing to be trustworthy.
That would cause some disruption in the ad-broker / "search engine optimization" business, although they'd adjust to it. It's going to be interesting to see whether Google chooses to protect its search customers or its ad brokers. That will tell us whether Google has abandoned "Don't be evil".
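The check the comment above argues for, sketched as an added example that is not part of the original post: walk an ad's redirect chain and accept it only if every hop after the ad server stays on the displayed site. The hostnames, the redirect table and the function names are constructed for illustration; the table stands in for live HTTP 3xx responses so the code runs offline.

```python
from urllib.parse import urlsplit

# Constructed redirect table (URL -> Location header); placeholder hosts only.
REDIRECTS = {
    "https://ads.search.example/click?id=1": "https://www.bank.example/offers",
    "https://ads.search.example/click?id=2": "https://track.broker.example/r?c=77",
    "https://track.broker.example/r?c=77": "https://www.bank.example/offers",
    "https://ads.search.example/click?id=3": "https://a.example/loop",
    "https://a.example/loop": "https://ads.search.example/click?id=3",
    "https://ads.search.example/click?id=4": "https://bank.example.login.example/",
}


def host(url):
    return (urlsplit(url).hostname or "").lower()


def same_site(h, display_host):
    """True if h is the displayed host or a subdomain of it (suffix on a dot)."""
    return h == display_host or h.endswith("." + display_host)


def audit_ad(click_url, display_host, resolve=REDIRECTS.get, max_hops=10):
    """Follow the chain from the ad server's click URL; return (verdict, hops)."""
    display_host = display_host.lower()
    hops, seen, url = [], set(), click_url
    while url is not None:
        if url in seen or len(hops) >= max_hops:
            return "reject: redirect loop or chain too long", hops
        seen.add(url)
        hops.append(url)
        url = resolve(url)
    if not same_site(host(hops[-1]), display_host):
        return "reject: lands off the displayed site", hops
    # hops[0] is the ad server itself; anything else off-site is a middleman.
    middle = [h for h in map(host, hops[1:-1]) if not same_site(h, display_host)]
    if middle:
        return "reject: passes through " + ", ".join(middle), hops
    return "accept", hops


if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        verdict, hops = audit_ad(f"https://ads.search.example/click?id={n}", "bank.example")
        print(n, verdict, len(hops))
```

Ad 2 is the case the comment describes: a check that only looks at the final landing site would pass it, while the per-hop check flags the intermediary.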
Re: (Score:2, Interesting)
This is not the root cause or solution. (Score:3, Informative)
From the fine article:
Woops, bad formatting. (Score:2)
From the fine article:
The problem is that so many people use a crappy browser that allows the attacks [microsoft.com]. Malicious people are going to put their stuff on the web and that's not Google's fault. To top it all off, Google is doing a better job figh
Unpatched (Score:2)
An unpatched crappy browser.
To top it all off, Google is doing a better job fighting the problem
How do you figure that, twitter [slashdot.org]? You're linking to the story that details the problem, but did you find the one with the solution? Or are you implying that Microsoft never did anything about it, but Google did?
Of course, I love this part from that article, in the usual Register style:
Re:Google has to require link = real destination (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
I've also worked at WaMu (I was a system admin with root on all of their UNIX machines corporatewide). I don't think I would ever bank there.
Re: (Score:1)
Google has ads? (Score:1)
A simple solution (Score:5, Interesting)
The philosophy is simple: Anyone who would take advantage of any sort of exploit to install software on an end user's machine is not peddling a legitimate product.
Of course, a semi-clever malware site admin can write a script that would deliver different content to a Google machine. But I am sure Google has enough disposable IPs and proxies that that won't be a problem. And even if it is, I'm sure they can just Google for a good IP spoofer. (Goofer?)
It's a trivial matter with an easily implemented solution.
Re:A simple solution (Score:4, Insightful)
They can also change the content of the page after it's accepted, so Google would have to check every ad fairly often.
-:sigma.SB
Re: (Score:2)
It's still an "after the fact" solution, but short of forcing people to make immutable ads...
Of course, given the mind-staggeringly awesome amounts of bandwidth Google wields, doing daily or weekly spot checks on new ads wouldn't be that straining. I mean, it's not like EVERY single ad needs checking. Customers w
Re: (Score:2)
Re: (Score:1)
I don't think it's quite so easy. You figure out how to do that reliably and I'll bet you've got a job waiting for you at Google.
Re: (Score:1)
So who's at fault? (Score:5, Interesting)
Re: (Score:1, Interesting)
$PROSECUTION: Your honour, I visited the $DEFENDER's website, I clicked on a link and I was infected by a trojan which stole my bank account details
$DEFENDER: That wasn't me, it was a Google advert that did it
$JUDGE: And who put the advert code on your website?
$DEFENDER: I did, your honour
$JUDGE: Guilty as charged! 3 years prison for fraud and theft by deception
$BANK: We would like now to issue proceedings against $DEFENDER and $ADVERTISER for theft, fraud, conspiracy, wiretap laws; do you have a form we can fill out?
Re: (Score:1)
$DEFENDER: Yes your Honour, I put the link on my site. However, Google links to me. If the prosecution hadn't come to me via a Google search, he would not have been infected. Thus, Google are to blame.
$Google_Defense: Yes your Honour, we linked to his site. However, Microsoft Live Search linked to us.
(Optional)
$Microsoft_Defense: Yes your Honour, we linked to
Direct Answer: Microsoft. (Score:2)
My question is, if a malicious piece of malware gets delivered to someone via a Google Ad on my site am I going to get sued? If my AdWords are just a ticking litigious timebomb maybe I should take them down....
The title was, "Who's at fault?" The answer is obviously Microsoft. It's their browser getting blown out and no one else's. Their search engine is also turning up more malware than Google [theregister.co.uk].
I can't imagine you being sued because someone tricked Google and then did something nasty to someone else
Firefox Affected? (Score:2, Interesting)
Re: (Score:1)
Well that would depend on what's on the attacking page, wouldn't it? You can't simply say "this attack works only on X," because the attack can change at any time.
Re: (Score:1, Offtopic)
Re: (Score:1)
Whole new meaning (Score:3, Funny)
This just in (Score:3, Funny)
A couple of points (Score:2)
i) Use a filtering proxy (like Proxomitron [proxomitron.info]) to remove sponsored ads from search engine sites. Or, ignore these ads.
ii) The very trite - patch your software! The exploited MS IE hole was patched [microsoft.com] over a year ago.