Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Businesses The Internet Security

Google Text Ads For Known Malware Sites 110

notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?
This discussion has been archived. No new comments can be posted.

Google Text Ads For Known Malware Sites

Comments Filter:
  • Notify the end users (Score:2, Interesting)

    by Anonymous Coward

    Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?

    • by larry bagina ( 561269 ) on Friday November 14, 2008 @09:05AM (#25759769) Journal

      That might viloate the google/website contract. Howewver, that's not the issue here. Google is running ads with links to malware sites, not ads on the malware sites (though they probably do that too).

      • by RulerOf ( 975607 )
        It wouldn't be too far of a jump to assume that voluntary termination is a clause they hold quite dearly in their side of that contract.
        • by Moryath ( 553296 ) on Friday November 14, 2008 @09:27AM (#25759963)

          Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

          It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

          Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

          Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

          • Re: (Score:3, Interesting)

            by causality ( 777677 )

            Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

            It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

            Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

            Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

            That's one thing I don't understand: If I can either refuse to send an HTTP Referrer header or forge it to always point to the site's index page (I use the Firefox RefControl extension but there are others that do the same), certainly Google can do this and avoid that entire set of problems. In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of

            • In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of a user it's useless or nearly useless; if I thought Webmasters needed to know the site I went to before I visited theirs, I would send them an e-mail to tell them.

              It's useful for bandwidth control; if some other site is leeching content, you can block/redirect requests from that referrer.

              The only real alternative at present (that I'm aware of) is to replace any images or files with something that's harder to inline into another site's content like a Flash gallery. We've already gone too far that way; no need to give sites another excuse.

            • by smoker2 ( 750216 )
              A lot of cgi is protected by not accepting connections from anywhere other than the localhost, because you don't want people accessing scripts in ways other than those you expose. As a first line of defence it's quite useful. You must be able to control the input as much as possible. None of my mySQL DBs are accessible outside localhost for example (although that doesn't rely on headers, it's hard coded in the connection string).
              • by makomk ( 752139 )

                A lot of cgi is protected by not accepting connections from anywhere other than the localhost, because you don't want people accessing scripts in ways other than those you expose. As a first line of defence it's quite useful. You must be able to control the input as much as possible. None of my mySQL DBs are accessible outside localhost for example (although that doesn't rely on headers, it's hard coded in the connection string).

                Yeah, but you can't safely do that using the referer header, since the attacker can send anything they want (including localhost). You need to look at where the connection is actually coming from.

            • Maybe someone should create a Firefox extension that allows you to optionally hide your referrer only when it would expose a 3rd-party URL.

              i.e. you pass a normal referrer if you're clicking from one page to another within the same domain/site, but it's scrubbed if you're coming from one domain to the other. This would fix most of the hotlinking concerns, and still allow a modicum of user privacy.

              Marketers (including myself) won't like it, but I'm pro-privacy before pro-marketing.

          • Re: (Score:3, Interesting)

            by Anonymous Coward

            Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

            It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

            Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

            Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

            Nice idea but impossible. I work in google adwords qualified company and we ourselves create thousands of google ads per day. And we aren't the largest company in the country by any means. And the country is smaller that most states of USA...

            The amount of ads is mind boggling.

            Google employees checking every single one periodically? That is impossible. Also, why not demand that Youtube employees would watch through every video?

            Now... Did Google do something wrong? Perhaps. If they delivered ads to location t

            • Google employees checking every single one periodically? That is impossible. Also, why not demand that Youtube employees would watch through every video?

              Don't give Viacom any bright ideas [cnn.com]...

          • by zacronos ( 937891 ) on Friday November 14, 2008 @10:36AM (#25760671)

            Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

            That's easier said than done. Here are some reasons:

            • The page was almost certainly clean when the ad was set up.
            • What if they use a database of known ip addresses (such as those available for free for PeerGuardian [phoenixlabs.org]) to attempt to avoid attacking a Google ip address, rather than looking at the referrer?
            • Many of the redirects are much more sophisticated today -- they don't do a server-side redirect request, they send some javascript to make the browser do a client-side redirect. That makes things difficult because now your spider must include a javascript interpreter.
            • What if there's a 10-second delay before the redirect? If your spider leaves the site too soon, it'll never know. In contrast, many users would likely still be on the page after 10 seconds.
            • What if the attack is only initiated as a result of some particular sort of user interaction, like a click on the page (similar to much of today's popup code)? How do you reliably test for all possible variations on that?
            • How often do you test the links? Once a day? That'll take a lot of resources for someone as big as google. Once a week? On average that means a site will have 3-4 days in the wild before they even get checked, and that frequency still might take a lot of resources.
            • What if, even after all that, the page only attempts to attack one out of every ten opportunities? Even if you check the link periodically, and are able to duplicate the circumstances necessary to trigger the attack, you may not catch the attempt until you've tested the page several times. At once a week checking each link, that would mean on average a month or more in the wild.
            • What if there's a 10-second delay before the redirect? If your spider leaves the site too soon, it'll never know. In contrast, many users would likely still be on the page after 10 seconds.

              Just about any setTimeout()-delivered attack would be effective. Spiders execute a very, very limited subset of JavaScript. And that's only recently, many don't execute any at all still.

              There are plenty of rumors that Google is using automated, modified Gecko engines for certain types of spidering. This would allow them to properly execute JavaScript for purposes like this.

              This is not nearly as efficient as their normal spider, for obvious reasons, but I think we'll start to see more of it as "blackhat" mar

  • by BenEnglishAtHome ( 449670 ) on Friday November 14, 2008 @09:01AM (#25759731)

    I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?

    There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.

    • by qoncept ( 599709 ) on Friday November 14, 2008 @09:07AM (#25759789) Homepage
      http://astalavista.box.sk/ [astalavista.box.sk]
    • by wjh31 ( 1372867 )
      i have to wondwe why you might want one of those unless you were after to proove rule 34, or were a racist, unless you were maybe doing some research into such things, but besides, i wasnt aware that google filtered out porn or hate-sites
      • It doesn't. in fact, Google image search is an excellent source of free pr0n
      • by BenEnglishAtHome ( 449670 ) on Friday November 14, 2008 @11:12AM (#25761059)

        i have to wondwe why you might want one of those

        Fair question.

        In my day job I work for the Internal Revenue Service. Years ago, I helped prototype a "lead development" process looking for tax non-compliance in entities that promoted themselves online. (Nowadays, that's everybody but not back then.) We started out looking at porn, hate peddlers, and rogue CPAs who dispensed bad advice (whatever you wanted to hear) for hefty fees. The CPAs were easy to find but the porn and hate guys? Not so much. You'd be surprised how many wholesome Midwest couples supplement their income by making beast porn and not paying taxes on their receipts. And if you think any of the white supremacist groups or similar wack-jobs out there actually comply with tax laws, I would like to tell you different.

        The problem was that when we tried to find these dodgy porn sellers and hatemongers, they were tough to find. A search engine that actually had useful results would have been a good thing.

        In other matters, I can remember when cjb.net was filled with not just awful porn but also cracker sites containing useful nuggets of tech information. They were also infested with whatever malware was around. At that time (What was it? About 5-8 years ago?), Google did index them. But I can easily imagine a need to get to similar neighborhoods today and finding that search engines are reluctant to point you to their malware-laden pages.

        It hasn't been my job to poke around in such places for a long time but I think it's obvious that there are legitimate reasons to do so.

        i wasnt aware that google filtered out porn or hate-sites

        Google doesn't filter much. I know that there are lots of sites that simply don't appear in their results but I have no idea whether Google purges those sites because of potentially illegal content or if the sites themselves are opting out of being crawled. But no matter the cause of non-appearances, there still don't seem to be any search engines I know of that do a good job of indexing the content they have for these types of sites.

        For example, in the situation I described a couple of paragraphs ago we found that the hate sites were very hard to track until we realized that long before we got interested in them, there were other people (namely, their victims) who had a huge interest in cataloging them. The Anti Defamation League catalog of hate sites was a gold mine, an absolutely invaluable resource. They had compiled their catalog by talking to victims and dealing with the bad guys. Trying to compile the same sort of catalog from Google results would be very, very difficult. (To be fair, back when I was doing this I mostly used HotBot and NorthernLight; this isn't a Google-specific complaint.) We started from the ADL catalog and spidered out from there, essentially building our own search database. It would have need nice if someone else had already done the work for us.

        Besides, what's wrong with occasionally proving Rule 34? :-)

        • by wjh31 ( 1372867 )
          well thank you, that's very interesting/insightful, although ive yet to figure out how to 'mod up' in such a manner
  • give 'em a break (Score:5, Insightful)

    by v1 ( 525388 ) on Friday November 14, 2008 @09:02AM (#25759739) Homepage Journal

    To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

    Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?

    This is NOT "stuff that matters"

    News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!

    • by Joce640k ( 829181 ) on Friday November 14, 2008 @09:16AM (#25759853) Homepage

      You can't expect them to check every single link on every single page in real time.

      I could easily set up a page that waits for a visit from the google page-checker then modifies itself to contain bad stuff. That would give me a window of attack.

      • Or, you could serve Googlebot different content to that which you serve other agents (cloaking: blackhat SEO 101).
      • This has been done, but Google now makes seemingly random subsequent visits from cloaked user agents and non-obvious IP blocks, so this vector's effectiveness is very limited now.

    • Taking the local traffic cop a step further:
      How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?
      • I'd be pissed off.

        Everyone else can tell me where the local dealer is without me having to pay them for the information ;)

      • Taking the local traffic cop a step further: How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?

        I'd start to wonder why a police officer was directing me to a drug dealer. Actually, my first reaction would be, "What the hell is a cop doing talking to me?" I don't think the analogy is working as intended.

        • True the analogy is not working 100%, but what I wanted to say, is that google is doing more then "overlooking" malware. They are advertising these sites, thus making money with those ads. I don't want to imply that they do this deliberately, but it's not an oversight, they could and should automatically compare the advertisers with their malware black lists.
    • by jorghis ( 1000092 ) on Friday November 14, 2008 @09:41AM (#25760105)

      You guys are missing the point. Its not a matter of humans checking each link and making an oversight. Its a matter of Google accepting ads from sites that its magical filtering system knows for a fact are spam sites/link farms/malware etc. If they didnt accept ads from sites that their database knows to be not so great websites then there wouldnt be any oversight. Computers dont make oversights so the only way this could have happened is if Google decided to apply a different standard for filtering their advertisers than they do to regular webpages.

      • by maxume ( 22995 )

        So a bunch of people are concerned that Google has too much information and will combine their databases in ways that are hostile to users, and a bunch of other people are concerned that Google isn't doing a good enough job combining their databases?

      • by Zadaz ( 950521 )

        Except fooling a computer that relies on robots.txt is pretty trivial. And if Google didn't abide by robots.txt then they'd catch hell for that.

        Compared to the tens (hundreds) of millions of ads Google serves a day, a single one being unpleasant is not statistically significant. Go out there and find us some valid data.

      • You guys are missing the point. Its not a matter of humans checking each link and making an oversight. Its a matter of Google accepting ads from sites that its magical filtering system knows for a fact are spam sites/link farms/malware etc.

        Its "magical filtering system" doesn't know what you say "for a fact". What it knows, for a fact, is that the site meets the criteria under which Google will not list the page in search results because it appears to be such a thing. Note that Google's business model is ab

    • Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?

      If one were so inclined, one might, without any conspiracy theory or other leaps of unlogic, consider "one instance" to be "the first time they got caught,"

    • by lazlo ( 15906 )

      Actually, Google probably just realized the truth: People actually click on search results. Ads, not so much.

      Eliminating the malware from search results is far more important.

  • Smoke, no fire (Score:3, Insightful)

    by Sneftel ( 15416 ) on Friday November 14, 2008 @09:05AM (#25759759)

    A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.

    Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.

    • by Zerth ( 26112 )

      Exactly, just because Google blacklists malware sites does not mean that all sites that aren't indexed by Google are malware sites.

      That said, "antivirus pro 2009" and several other variations used to be advertised a few days ago, as well. I had to clean that crap off a machine in a remote office because the user got nailed by some fake UPS spam and our corporate antivirus(McCrappy) didn't prevent the install and didn't see the infection on the daily scan, only blocked the IE hijacking.

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Friday November 14, 2008 @09:05AM (#25759773)
    Comment removed based on user account deletion
    • by wjh31 ( 1372867 )
      i thought it was possible to select what kind of content you were ok with having in your hosted google ads, i.e able to choose not to have anything mature advertised on your site
  • My roommate got that virus on his laptop. It's a P3 500Mhz, a little old and slow to run these kitchen sink firewall/antivirus programs that are out now.

    I did get SpyHunter to identify the problems, which it did admirably. (you gotta pay for it to actually FIX the problem).

    When you go into Safe Mode and try to delete some of the offending files, it STILL access denies you. I had to use Task Manager to stop the explorer shell altogether, then 'DEL' them from the command line. Once done I ran ole' t
  • by Progman3K ( 515744 ) on Friday November 14, 2008 @09:27AM (#25759953)

    So why worry?
    At least this way the malware companies pay someone and end up infecting no one.

    Seriously have YOU ever clicked on an ad?

    I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
    And that's after about two thousand visits to the site and maybe 200 downloads!

    Here is my 'required by google' policy on the ads:
    http://gentooxo.org/disclaimer.shtml/ [gentooxo.org]

    So useless are the ads that I am thinking I will simply drop them...

    • Oops, link should have been: http://gentooxo.org/disclaimer.shtml [gentooxo.org]

    • by repvik ( 96666 )

      There. You've got a click. Happy now?

      • There. You've got a click. Happy now?

        Not if you got infected.
        Although Google does promise that they use your site's Google index rating to select the ads and in the case of GentooXO, that would mean things that have to do with the OLPC, so there is almost no chance malware writers would write ads for this segment...

        I use ad-blocking techniques, so every time I check the site I see no ads at all but the few times I have seen it from someone else's computer, the ads DID seem targetted to the OLPC, which is so

    • 2k total visits? You need a lot more traffic to make use of ads. I would think something along the lines of 2k a day. Even then its not a lot.

    • Re: (Score:3, Interesting)

      by ledow ( 319597 )

      I helped put Google Ad's on a site my brother runs... http://www.scoutingresources.org.uk/ [scoutingresources.org.uk]

      We get enough money from the ad's to host the site (which has some pretty hefty bandwidth needs at the moment but we have a very charitable host who does us lots of favours) and run a couple of camps for the Scouts every year. The clickthrough ratio is the same as my own sites, about 0.30%, but the number of visitors means it's actually profitable. Of course, we get that amount of visitors but being useful, prevelant

    • Re: (Score:3, Interesting)

      by trongey ( 21550 )

      Progman3K,
      Your target demographic is people who want something for free. Do you really expect them to click on ads for for stuff that costs money?

    • I just added ads to my site and I've already paid for half of my hosting in about a week. I think the problem is your target demographic: Linux users. Most of them are obviously quite knowledgeable about things like Firefox, Adblock, Opera, Noscript, etc. My site kind of falls in between with video games. There are knowledgeable people and then there are just kids doing kid stuff.

      Plus 2000 hits is not that much, click through ratio is really not that good for any site, your sample size is just not that

      • by maxume ( 22995 )

        Until teh Google reads this thread and cancels his account.

        • It could happen, but he didn't outright ask anyone to click his ads. I still chose to do it myself, I actually saw one for O'Reilly and spent a few minutes there checking out their new stuff.

          • by maxume ( 22995 )

            When I go reward clicking, I try to click on ads for companies that look dubious or that I don't like.

            I suppose I would also click on an ad for something I thought I might buy, but I tend to be a bit of tightwad, so that doesn't really come up.

    • by sukotto ( 122876 )

      Even though your project looks pretty cool, I'd be surprised to hear you get much traffic. And ad clickthroughs are small (even at the best of times)... like 1% of users will even LOOK at the ad. Of those, only a few percent will click.

      What you describe is a teeny tiny micro-niche site. I mean, come on...
      A do it yourself, operating system for a laptop that's not readily available to the general public?
      (You might be able to buy one during the once-a-year buy-1-get-1 sale... and even then changes are good

      • Bah, it doesn't matter!

        I wasn't doing it for the money anyway.

        I will remove the ads. Felt cheap putting them there to begin with.

        For the record, my G1G1 OLPC was ordered in mid-November and was received in late January.

        It has a defective keyboard (which I can fix) but otherwise it is a great little machine. I am just worried about playing around in there (my big hands) since it is the only unit I have.

    • Seriously have YOU ever clicked on an ad?

      No. And I never installed Gator or the Comet Cursor toolbar either.

  • I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.

    "You are infected with a malware that you picked up because of your browsing habits"

    Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site. I actually had just updated my virus definitions (avast), and updated my firewall. My windows updates are not as up to date as they could be, which is rather

    • Re: (Score:3, Insightful)

      I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.

      "You are infected with a malware that you picked up because of your browsing habits"

      Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site.

      As they said, infected due to your browsing habits.

      If you were running an ad blocker, you couldn't have been infected by an ad. It almost certainly required scripting, with a good chance it required cross-site scripting, as well. Thus, scripting off by default, regardless of your ad viewing preferences, would have stopped it in most cases, and even if you had that mainline site whitelisted, the malware site it tried to load stuff from would have fallen into the no-scripting default and thus would have bee

      • All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!

        I'm sure what is meant is "if you're going to search for vvarzz you're going to get infected". I could change my platform, I could run an ad blocker.

        Browser, well, I got infected using firefox v2.0.0.18. I "should" update.

  • by glindsey ( 73730 ) on Friday November 14, 2008 @10:32AM (#25760615)

    You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:

    "spybot": 3 sidebar, 1 at the top.
    "adaware": 3 at the top
    "ad-aware": 1 sidebar, 1 at the top

    I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.

  • News Flash: The Internet is a potentially dangerous place! There are bad things out there.

    Is anyone particularly surprised that a business isn't actively trying to police it? That would be a huge sinkhole of money.

    Oh and their anti-malware site protection on search results isn't perfect either. Occasionally stuff still slips through.

    Nothing to see here, move along...

  • It seems like half of the stories here are posted for us to go through the same gratuitous cycle. A halfway baseless article criticizes or praises a company that for some reason a lot of us like and a lot of us dislike. A lot of people post about the article proving that the company is evil. Other people respond and defend the company. A few posts on either side are reasonable and balanced. A few are reasonable and unbalanced. Most are just a big pile of poorly concealed flame. Then we repeat in 90 m

  • That's not a lone example. Search with Google for "craigslist auto posting software". These are all paid Google ads:

    • "CL Posting Software www.adsoncraigs.com The worlds Best Selling CraigsIist software. Works with new CAPTCHA!"
    • "Craigs Works Must Try Us webtrafficus.com We do the work no software To Buy Best Service All Ads Guaranteed Up"
    • TopPost Inc. www.toppost.com The Leader in Posting Services 866-895-6888 -- info@toppost.com
    • Buy Craiglist accounts Phone verified accounts, hassle-f
  • and if the links go to EvilLand, send the deposit back, and notify SpamHaus and the other badware trackers.

  • A while back my credit card info was stolen and I first noticed it because of some suspicious charges.

    What were the charges?

    Google adwords. Several hundred dollars worth and all pointing to malware sites.

    Clearly, the first for steps whomever stole my credit card info were to set up ads directing folks to sites that could potentially be used to infect more machines, steal more info, etc.

    This was almost a year ago, so Google (at some level) has to know that this sort of thing is going on. And if it's still g

  • Google AdWords are still in beta, its a work in progress. Soon we shall see final release without such bugs.

If all else fails, lower your standards.

Working...