[IP] Malware hijacks Adsense ads
Begin forwarded message:
From: Kate <kate@xxxxxxxxxxxxxxx>
Date: December 28, 2005 8:10:32 PM EST
To: dave@xxxxxxxxxx
Subject: Malware hijacks Adsense ads
Hi Dave,
I thought this might be of interest to the many IP readers who have a
blog or use Adsense on their sites:
A Trojan Horse program that targets Google ads has been detected by
an Indian Web publisher
Tuesday, December 27th, 2005
Techshout.com reports that a new, deceptive Trojan Horse program has
surfaced. The program is engineered to produce fake Google ads that
are formatted to look like legitimate ones. The ads are incorporated
in Google AdSense, the program that lets website owners display ads
from Google's list of advertisers. The Trojan Horse apparently
downloads itself onto an unsuspecting computer through a web page and
then replaces the original ads with its own set of malicious ads.
Since the Trojan Horse makes the deceptive ads look like normal
Google ads, the program was nearly impossible to detect by the
general public. However, Raoul Bangera, an Indian web publisher,
discovered the bogus program and contacted the Google AdSense team.
Bangera emailed the team a number of cases, including various
screenshots, log files of an infected computer and system files as
proof. The AdSense team validated the news saying, "We can confirm
from the screenshots that these are fake Google ads, formatted to
look like legitimate ads. We agree that this phenomenon is likely the
result of malicious software installed on your computer."
The working of the Ad has a specific procedure. Wherein when the ad
is clicked it forwards the user to 3 different sites one after
another. What follows next is that the user finally lands himself to
a page having a bevy of ads and links to more ads. Through this
malicious program advertisers and publishers are the ones who are
being deprived of their revenue.
"There is a bug in the Trojan Horse which converts Google and Firefox
referral graphic buttons into text links. Contrary to the normal
Google ads, which have some correlation to the content on the web
page, these malicious ads had no content that was remotely similar to
the pages to which they had been attached, " said Raoul Bangera.
"Most of the ads were about gambling or adult content, which are
banned categories in Google AdSense, clearly indicating a suspicious
origin."
It has been further noticed that the Google AdLink Ads remain
unaffected. The Adsense Trojan Horse attacks small publishers. The
premium publishers and ads displayed by Google's websites are
apparently unaffected.
This is not the first time Google Adsense has been hit. In January
2005, Google took immediate action and removed some ads that caused
malicious code to be installed on visitor's computers.
With the speed and promptness with which Google is working at this
hour to fix up the vulnerability, Bangera says that he is absolutely
confident that within no time the problem would be resolved.
<http://www.techshout.com/internet/2005/27/a-trojan-horse-program-
that-targets-google-ads-has-been-detected-by-an-indian-web-publisher/>
Also reported at JenSense:
<http://www.jensense.com/archives/2005/12/malicious_softw.html>
Regards,
Kate
http://blog.pulpculture.org
"It's visually delicious and pensively random. Or
maybe, it's deliciously visual and randomly pensive.
- Dave Harper, Space Coast Web
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/