
Thread: Sponsored search results lead to malware

  1. #1
    Anonymous Remailer
    Guest

    Sponsored search results lead to malware


    From "Windows Secrets"


    Sponsored search results lead to malware

    By Susan Bradley

    The ads served by Bing and Google along with your search
    results are linking more and more often to sites trying to
    infect your machine.

    Neither Bing nor Google effectively prescreens these bogus
    advertisers, so it's up to us to detect and avoid them.

    You may recently have used either Google or Microsoft's new
    Bing search engine to find the popular Malwarebytes
    Anti-Malware utility. If so, chances are good that the
    sponsored ads alongside your search results contained links
    to the very malware that the security tool is designed to
    remove.

    The three largest search sites — Google, Yahoo, and Bing —
    regularly sell security-related keywords to criminals
    looking to trick you into downloading and installing fake
    anti-malware products. The crooks then steal your personal
    information or hold your system for ransom before letting
    you remove their malware from your machine.

    The search providers have been aware of this for years. To
    their discredit, they've done little to end the practice,
    even though it's in their power to do so. The reason?
    They're making money hand over fist from those sponsored
    text ads and don't want to kill the goose that lays the
    golden eggs.

    Case in point: A Windows Secrets reader searched Bing for
    Malwarebytes Anti-Malware. He clicked the first link
    displayed and ended up on a site that installed a rogue
    antivirus program on his PC. (See Figure 1.)

    [Image: Bogus Malwarebytes links in Bing]
    Figure 1. Malicious sponsored ads are interspersed with
    links to legitimate companies when you query search engines
    for the Malwarebytes security program.

    Rather than getting a tool to clean up a friend's infected
    computer, this Web surfer ended up having to disinfect his
    own. He and several other people I've heard from recently
    were hit with the result of search services' selling
    sponsored links without validating those links' legitimacy.

    As search terms become popular, scammers jump at the chance
    to have their bogus ads appear among the results. To get
    their deceptive ads into these highly visible search
    results, these criminals simply buy these high-traffic
    terms from the search engines.

    Big-name sites still serving up malicious ads

    Another form of dangerous Web ads appears on otherwise
    legitimate sites.

    WS contributing editor Scott Dunn described a year and a
    half ago in an April 17, 2008, Top Story infectious Flash
    ads that achieved space on well-known sites. I also
    reported on drive-by malware downloads in the June 11,
    2009, Top Story. In the most-recent case, NYTimes.com and
    other established sites hosted malware-infested ads. The
    New York Times described the attack in a Sept. 14 article.

    When malicious ads — or "malvertisements" — enter the
    rotation on these sites, your system may become infected if
    you merely view the page. This is especially true if your
    versions of media players based on Java, Flash, or
    QuickTime are out-of-date.

    It's getting so bad that even top officials at Google
    acknowledge the problem, though they haven't yet taken
    steps to halt it. Eric Davis, head of anti-malvertising at
    Google, stated at the 2009 Virus Bulletin Conference that
    the industry needs to work together to combat this problem.

    As reported by Dennis Fisher on Kaspersky Lab's Threat Post
    site, Davis called for the creation of an industry
    clearinghouse that would certify ad servers. Such an
    organization would allow all search vendors and other sites
    to use online-ad agencies without fear that a malicious ad
    would insert itself into rotation.

    Microsoft has decided to use the courts as a weapon against
    malicious advertisers. A Sept. 18 Associated Press article
    posted on the MSNBC site states that the company is
    attempting to go after several suspicious ad vendors.

    Even using Yahoo or a smaller search index won't prevent
    such attacks, because second-tier engines have been hit
    with malicious ads, too, as a Sept. 25 story by Deborah
    Hale on Incidents.org reported.

    Ways to fight back against online attack ads

    Following my investigation of the malicious ads on Bing, I
    contacted the Microsoft Security Response Center, which can
    be reached via secure at microsoft.com. Within a few days,
    the offensive ads were removed.

    However, searching on the term malwarebytes combined with
    such words as virus and antivirus continued to return
    dubious destinations in Bing's sponsored-links section.

    The same type of ads appears among Google results when you
    search on similar terms. Depending on the location you
    search from, you may see a link to Cyberdefender.com among
    the results. This company is listed on the hpHosts site as
    selling fraudulent software.

    I reported this site to Google via a Web form on the Google
    site. But to date, no action has been taken to remove this
    and related malicious links.

    Unfortunately, balancing the scales of justice takes time.
    What can you do in the meantime to help protect yourself
    from these malicious ads?

    * Don't expect flawless protection from your Web browser of
    choice. Internet Explorer, Firefox, and other browsers now
    support bad-sites lists, but every malicious ad server may
    not be known. Nor are browser security add-ons perfect.
    McAfee SiteAdvisor, for instance, may include results that
    are up to one year old, as WS contributing editor Mark
    Edwards reported on Feb. 12, 2009.

    * If you're not sure, verify the URL. Microsoft and Google
    have large payrolls, but the search giants don't employ
    literal armies to review ad submissions. If you're at all
    suspicious of an ad's legitimacy, check the URL via a
    service such as hpHosts, which tracks domain names that
    researchers have reported as malicious.

    * Help vendors by reporting malicious advertisers. To
    report bogus ads on Google, e-mail security at google.com.
    This is likely to be more effective than reporting the site
    via the search giant's online form. If you discover malware
    purveyors advertising in Bing's results, e-mail secure at
    microsoft.com. Yahoo, however, offers only a Security
    Phishing Report Form.

    I do hope that Google, Microsoft, and Yahoo can put their
    differences aside and correct this situation. In the
    meantime, be careful when you search and be suspicious of
    sponsored links. Too many of them are fictitious these days
    — and dangerous.
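
An added example, not part of the original post or the Windows Secrets article: one way to script the "verify the URL" step from the list above against a locally saved hosts-format blocklist. The hosts-file format, the sample list, the `.example` domains and all function names are assumptions made for illustration; a miss means only that the host is not on this list.

```python
from urllib.parse import urlsplit

# Constructed sample in hosts-file format; every domain here is made up.
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1 localhost
127.0.0.1 rogue-av.example
0.0.0.0   ads.fake-scanner.example   # inline comment
"""

def load_hosts_blocklist(text):
    """Collect hostnames from hosts-format lines that sink to loopback/null."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def host_of(url):
    """Extract the real destination host, undoing hxxp / [.] defanging."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "http://" + url
    # urlsplit().hostname drops any "user@" prefix, so a link such as
    # http://trusted-name@other-host/ resolves to other-host.
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_url(url, blocked):
    """Return the blocklist entry the URL's host matches, else None."""
    labels = host_of(url).split(".")
    # Assumption of this example: a listed name also covers its subdomains.
    # A listed subdomain does not condemn its parent domain.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

if __name__ == "__main__":
    bl = load_hosts_blocklist(SAMPLE_HOSTS)
    for u in ("hxxp://download.rogue-av.example/setup.exe", "fake-scanner.example"):
        print(u, "->", check_url(u, bl))
```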

  2. #2
    ASCII
    Guest

    Re: Sponsored search results lead to malware

    Anonymous Remailer wrote:

    >your system may become infected if
    >you merely view the page.


    Wow!
    That's almost enough to scare me into spending money on someone's
    product, that is if I could muster up any faith in anything from a
    source using an 'Anonymous Remailer'.
    FWIW: There isn't any place on the internet that I can't click for fear
    of consequence, nope, nothing online can touch me ;-)))
    Nor can anything sent via email either ;-)))

  3. #3
    Beady
    Guest

    Re: Sponsored search results lead to malware


    "ASCII" <me@privacy.net> wrote in message news:4ace4ec0.969281@EBCDIC...
    > Anonymous Remailer wrote:
    >
    >>your system may become infected if
    >>you merely view the page.

    >
    > Wow!
    > That's almost enough to scare me into spending money on someone's
    > product


    Hello :)

    You may be pleased to note that others (perhaps not quite as *sure* as you
    seem to be ASCII) no longer have to spend any money to get *some* added
    protection!

    I visited a web page recently and received a Warning regarding
    malware http://i35.tinypic.com/4fj7n.jpg :-

    I now appreciate that I got the warning because I have set my
    browser (Safari) to recognise the trigger.

    Following some research, I discovered another URL which produced a similar
    warning.

    hxxp://thekrazykraftlady.blogspot.com/ (Obfuscated)

    I've now tried this URL using Google Chrome and the
    Warning 'picture' is similar, but not identical, to that which I see using
    Safari. Here's a screenshot: http://i33.tinypic.com/55i1xh.jpg

    I've also looked with Firefox 3.5 and I get a *different* warning.
    Here's how it looks http://i36.tinypic.com/24g9evm.jpg

    Internet Explorer 8 - just reset to as new settings - shows *NO* warning
    message. Is that a surprise to anyone?!! ;)

    It would be great if others would advise what, if any, warnings *they* get.

    Anyone?

    Btw - the original article came from Windows Secrets.
    http://windowssecrets.com/2009/10/08...ead-to-malware

    --
    Dave (~BD~ using my wife's laptop right now!)





  4. #4
    ASCII
    Guest

    Re: Sponsored search results lead to malware

    Beady wrote:
    >
    >Google Chrome http://i33.tinypic.com/55i1xh.jpg
    >
    >Firefox 3.5 http://i36.tinypic.com/24g9evm.jpg
    >
    >Internet Explorer 8 - just reset to as new settings - shows *NO* warning
    >message. Is that a surprise to anyone?!! ;)
    >It would be great if others would advise what, if any, warnings *they* get.
    >
    >Anyone?


    Using Opera v10.0 I get no warning as none is needed.

    >Btw - the original article came from Windows Secrets.
    >http://windowssecrets.com/2009/10/08...ead-to-malware


    Someone later indicated the source of that article but my initial
    response was to some nymshit giving no accreditation whatsoever and
    posting it as if it came from their own creative resources.

    The reason for my wry response was because there seems to be a culture
    of FearUncertainty&Doubt FUD that prevails in this and other fora that
    serves only to feed the starving egos of wannabe do-gooders.

    BTW: The person at that site (krazylady) offers this comment:

    Copied from http://thekrazykraftlady.blogspot.com/
    Caution! some browsers might perform poorly with this URL

    "Possible Malware Detection
    I recently received 2 separate emails from readers saying that when they
    try to get on this blog that they are being told by their anti-virus
    program/ Google Chrome that this site 'may be' distributing malware.
    One reader said that she was getting 'pop unders' when she accessed the
    blog. I recalled that a few weeks back one of the craft forums that I
    belong to was having a similar problem and she was advised to delete her
    plug board which was the cause of her problems because someone kept
    plugging a button that was redirecting to a malware site. ( I hope I got
    that right). Anyway, I went into Google Webmaster Tools and submitted
    this blog for verification and it does come back as saying 'this site
    may be distributing malware'. This is very upsetting to me and I do
    apologize to readers who have been having a problem.
    I've gone into my HTML layout and have not been able to detect anything
    that does not belong. I've run SuperAntiSpyware on my computer and no
    harmful spyware was detected. I also removed the plug board 'just in
    case' and resubmitted this blog for reconsideration ( meaning Google
    will review the site again to make sure it's not in violation. If it
    passes, then it will once again show up in Google searches and be
    considered 'safe'.
    I'm truly hoping that the problem lay in the plugboard and now that it's
    gone that there will be no more problems. Unfortunately, it could take
    up to several weeks for the reconsideration request.
    I just wanted to let you know I am not taking this lightly."

  5. #5
    ~BD~
    Guest

    Re: Sponsored search results lead to malware

    ASCII wrote:
    > Beady wrote:
    >> Google Chrome http://i33.tinypic.com/55i1xh.jpg
    >>
    >> Firefox 3.5 http://i36.tinypic.com/24g9evm.jpg
    >>
    >> Internet Explorer 8 - just reset to as new settings - shows *NO* warning
    >> message. Is that a surprise to anyone?!! ;)
    >> It would be great if others would advise what, if any, warnings *they* get.
    >>
    >> Anyone?

    >
    > Using Opera v10.0 I get no warning as none is needed.
    >
    >> Btw - the original article came from Windows Secrets.
    >> http://windowssecrets.com/2009/10/08...ead-to-malware

    >
    > Someone later indicated the source of that article but my initial
    > response was to some nymshit giving no accreditation whatsoever and
    > posting it as if it came from their own creative resources.
    >
    > The reason for my wry response was because there seems to be a culture
    > of FearUncertainty&Doubt FUD that prevails in this and other fora that
    > serves only to feed the starving egos of wannabe do-gooders.
    >
    > BTW: The person at that site (krazylady) offers this comment:
    >
    > Copied from http://thekrazykraftlady.blogspot.com/
    > Caution! some browsers might perform poorly with this URL
    >
    > "Possible Malware Detection
    > I recently received 2 separate emails from readers saying that when they
    > try to get on this blog that they are being told by their anti-virus
    > program/ Google Chrome that this site 'may be' distributing malware.
    > One reader said that she was getting 'pop unders' when she accessed the
    > blog. I recalled that a few weeks back one of the craft forums that I
    > belong to was having a similar problem and she was advised to delete her
    > plug board which was the cause of her problems because someone kept
    > plugging a button that was redirecting to a malware site. ( I hope I got
    > that right). Anyway, I went into Google Webmaster Tools and submitted
    > this blog for verification and it does come back as saying 'this site
    > may be distributing malware'. This is very upsetting to me and I do
    > apologize to readers who have been having a problem.
    > I've gone into my HTML layout and have not been able to detect anything
    > that does not belong. I've run SuperAntiSpyware on my computer and no
    > harmful spyware was detected. I also removed the plug board 'just in
    > case' and resubmitted this blog for reconsideration ( meaning Google
    > will review the site again to make sure it's not in violation. If it
    > passes, then it will once again show up in Google searches and be
    > considered 'safe'.
    > I'm truly hoping that the problem lay in the plugboard and now that it's
    > gone that there will be no more problems. Unfortunately, it could take
    > up to several weeks for the reconsideration request.
    > I just wanted to let you know I am not taking this lightly."


    Let me get this straight. Have you seen the warnings put up by Firefox,
    Google Chrome and Safari, but *not* seen a warning using Opera?

    Maybe you have *only* used Opera?

    Please clarify. Thanks. (In *this* newsgroup please!)

    --
    Dave (pleased that ASCII replied!)
