subject: Google Deletes Rogue Ads, Dangers Persist posted: Wed, 02 May 2007 01:27:29 +0100
[Messy, not that I saw any of these ads, since Google's adserver is
already blocked by my HOSTS file. Which seems to be the best defence
against this class of attack. Of course if you want to see the ads,
(eg., if you want Google to know what you look at as you surf the
web, and also want to expose yourself to malicious ads), don't block
their adserver. See these for info on blocking sites with the HOSTS
file:
Google has removed ads that appear alongside Google search results
that re-directed users to malicious sites. But, according to security
experts, the fix is temporary and search engine users should not
assume sponsored links are all trustworthy.
"Search engines are just too easy a target for bad guys," says Roger
Thompson of Exploit Security Labs. On April 25, Exploit Prevention
Labs reported that malware distributors were using advertisements
placed via Google's automated AdWords system to infect unsuspecting
end-users with spyware designed to capture bank login user names and
passwords.
Thompson says Google's removal of the ads is a temporary fix and that
Google and other search engines need to overhaul their automated
advertising systems.
McAfee Data Confirms Risky Ad Trend
Other research by security firm McAfee's SiteAdvisor division found
in a December report that 8 percent of sponsored results from top
search engines AOL, Ask.com, Google, MSN, and Yahoo can often lead to
Web sites that contain spyware and scams, and are operated by people
who love to send out spam.
SiteAdvisor reports 0.13 percent of all links on major search engines
results contain browser exploits. AOL and Ask.com, it reports, have a
slightly higher number of dangerous links with 0.17 percent linking
to sites with browser exploits.
"Sponsored links are 2 to 4 times more likely to contain risky sites
including those with exploits," says Shane Keats, a McAfee research
analyst.
The report also puts into question Google's own interstitial warning
page designed to prevent Google users from visiting dangerous sites.
In SiteAdvisor's tests it says Google warned consumers for only 18
percent of Google general search results containing browser exploits.
McAfee SiteAdvisor, it should be pointed out, sells a browser
security toolbar SiteAdvisor Plus ($20) and also gives away a reduced
feature version of the toolbar.
Latest Threat is New and Nasty
According to Thompson, the way the exploit found within Google's
sponsored links worked is, when someone searched on Google for
"BetterBusinessBureau", for example, a list of sponsored links
appeared alongside search results. If someone clicked a booby-trapped
sponsored link they were the ad would redirect their browser through
URLs that attempted to automatically download a virus program (MSO6-
014) onto their computers before passing them along to the actual
sites that were advertised.
Exploits buried in the normal search results (not sponsored) have
long been a problem for search engines. The challenge scammers have
had is getting their rigged sites and links seen within search
results. By purchasing ads that appear at the top of search results
scammers get the visibility they need to drive traffic to their
exploited sites.
"People assume a level of trust when they visit a sponsored link,"
Thompson says. He says until search engines do more to vet the ads
that are submitted all bets are off as to a sponsored link's
legitimacy.
Protect Yourself
To protect yourself you should consider downloading either XPL's
Linkscanner, Scandoo's toolbar, or McAfee's SiteAdvisor, all
available in free versions.
