Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Malware hijacks Adsense ads

From: David Farber <dave () farber net>
Date: Thu, 29 Dec 2005 06:32:57 -0500


Begin forwarded message:

From: Kate <kate () pulpculture org>
Date: December 28, 2005 8:10:32 PM EST
To: dave () farber net
Subject: Malware hijacks Adsense ads

Hi Dave,
I thought this might be of interest to the many IP readers who have a blog or use Adsense on their sites:
A Trojan Horse program that targets Google ads has been detected by an Indian Web publisher 
Tuesday, December 27th, 2005
Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense, the program that lets website owners display ads from Google's list of advertisers. The Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.
Since the Trojan Horse makes the deceptive ads look like normal Google ads, the program was nearly impossible to detect by the general public. However, Raoul Bangera, an Indian web publisher, discovered the bogus program and contacted the Google AdSense team. Bangera emailed the team a number of cases, including various screenshots, log files of an infected computer and system files as proof. The AdSense team validated the news saying, "We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer."
The working of the Ad has a specific procedure. Wherein when the ad is clicked it forwards the user to 3 different sites one after another. What follows next is that the user finally lands himself to a page having a bevy of ads and links to more ads. Through this malicious program advertisers and publishers are the ones who are being deprived of their revenue.
"There is a bug in the Trojan Horse which converts Google and Firefox referral graphic buttons into text links. Contrary to the normal Google ads, which have some correlation to the content on the web page, these malicious ads had no content that was remotely similar to the pages to which they had been attached, " said Raoul Bangera. "Most of the ads were about gambling or adult content, which are banned categories in Google AdSense, clearly indicating a suspicious origin."
It has been further noticed that the Google AdLink Ads remain unaffected. The Adsense Trojan Horse attacks small publishers. The premium publishers and ads displayed by Google's websites are apparently unaffected.
This is not the first time Google Adsense has been hit. In January 2005, Google took immediate action and removed some ads that caused malicious code to be installed on visitor's computers.
With the speed and promptness with which Google is working at this hour to fix up the vulnerability, Bangera says that he is absolutely confident that within no time the problem would be resolved.
<http://www.techshout.com/internet/2005/27/a-trojan-horse-program- that-targets-google-ads-has-been-detected-by-an-indian-web-publisher/> 

Also reported at JenSense:
<http://www.jensense.com/archives/2005/12/malicious_softw.html>


Regards,

Kate

http://blog.pulpculture.org

"It's visually delicious and pensively random. Or
maybe, it's deliciously visual and randomly pensive.
    - Dave Harper, Space Coast Web





-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: