homepage Welcome to WebmasterWorld Guest from 54.204.68.109
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

This 43 message thread spans 2 pages: 43 ( [1] 2 > >     
Experts: Google Doesn't Police Advertisers
phranque




msg:3323627
 10:51 am on Apr 27, 2007 (gmt 0)

from pc world [pcworld.com]:
Google could avoid future malware attacks carried out using advertisements posted on its Web sites if the company more thoroughly investigated customers of its AdWords system, according to security and legal experts.

On April 25, researchers with security software maker Exploit Prevention Labs announced that they had uncovered hard evidence that malware distributors were using advertisements placed via Google's automated AdWords system to infect unsuspecting end-users with virus code.

According to Roger Thompson, chief technology officer at Exploit, based in New Kingstown, Pa., the malware brokers used fraudulent advertisements for legitimate organizations such as the Better Business Bureau to trick users into clicking on the links.

When someone clicked such a link, the ad would redirect their browser through URLs that attempted to automatically download virus programs onto their computers before passing them along to the actual sites that were advertised.


 

Hobbs




msg:3323666
 11:29 am on Apr 27, 2007 (gmt 0)

Well, add to the above p0rn and MFA, the rules are there, just better enforcement is overdue, they already have most of the detection code on the search engine end, but have been slow/reluctant to fully apply it to paying customers so far.

Marcia




msg:3323679
 11:44 am on Apr 27, 2007 (gmt 0)

Saw one last just night. An ad for something free for something very "domestic." Not free at all, its just a download button for well known, malicious adware/spyware that's very hard to get rid of.

europeforvisitors




msg:3323819
 1:24 pm on Apr 27, 2007 (gmt 0)

Is it even possible for an ad network to police malware criminals in real time? It seems to me that an advertiser could buy an ad that pointed to a legitimate landing page, then pull a switcheroo after the ad is running.

Granted, it might be possible to tell whether an advertiser is really the Better Business Bureau of Widgetville, but that's just one specific example of a much broader problem.

What we really need are laws and law-enforcement agencies that can identify and lock up at least some of the bad guys.

pageoneresults




msg:3323860
 2:06 pm on Apr 27, 2007 (gmt 0)

What we really need are laws and law-enforcement agencies that can identify and lock up at least some of the bad guys.

Hopefully one day we will have an all encompassing Internet law that everyone falls under. Until that happens, if they are not in the United States or another country that takes this seriously, there really isn't much that can be done except by Google itself. They are providing the outlet for this crap!

farmboy




msg:3323861
 2:07 pm on Apr 27, 2007 (gmt 0)

Experts: Google Doesn't Police Advertisers

Google doesn't police advertisers? Who knew?

Where would we be without experts?

FarmBoy

farmboy




msg:3323880
 2:23 pm on Apr 27, 2007 (gmt 0)

It seems to me that an advertiser could buy an ad that pointed to a legitimate landing page, then pull a switcheroo after the ad is running.

I would think there are enough brains at Google to develop some method of determining such a change.

What we really need are laws and law-enforcement agencies that can identify and lock up at least some of the bad guys.

I couldn't disagree more. If you think it's frustrating now, just wait until a government "solution" is implemented.

Google could impact this sort of thing without trying to chase down every single offending advertiser by just slamming a few and making it public.

And there are other innovative means they could use & even compensate independent surfers to detect bad ads without the need of hiring a massive number of new employees.

Yesterday I first read about this bug/virus thing on Instapundit, a very influential cultural/political blog. He remarked that he never clicked on AdSense ads anyway and that sort of thing hurts us publishers who want people to be comfortable in clicking.

Google's silence is deafening.

The "I've been banned" threads on this forum have made it clear not to click your own ads, and if you do, you have no one else to blame but yourself.

I think Google's continued absence of action on poor quality ads makes it equally clear that every publisher should be working hard on developing non-AdSense income. If a publisher doesn't and suffers as a result, he/she has no one to blame but himself/herself.

I've been working on changing my long-term plans / strategy over the past month or so and as a result, some of my formerly best performing AdSense pages no longer have AdSense displayed, or AdSense is in a non-important position on the page.

FarmBoy

europeforvisitors




msg:3323898
 2:43 pm on Apr 27, 2007 (gmt 0)

I couldn't disagree more. If you think it's frustrating now, just wait until a government "solution" is implemented.

What's wrong with arresting and prosecuting criminals? It seems to me that treating malware as a crime--and going after the crooks--would send a stronger message than "Hey, it's just an Internet thing, so let the Silicon Valley geeks deal with it" or "Why bother prosecuting crooks at home when other crooks are overseas?" does.

By the way, this isn't just a Google (or PPC network) issue. Malware is also being spread through other advertising channels. So, while it will be helpful if Google goes after malware types, that won't even begin to solve the larger problem.

Leonard0




msg:3323938
 3:26 pm on Apr 27, 2007 (gmt 0)

There doesn't seem to be an easy method of reporting Adwords abusers as there is for Adsense, on either the SERPs or the content network.

The only way to report abusive advertisers on the content side appears to be by clicking on the "Ads by Google". Then you have find the link at the bottom of the page that lets you report the ads you just saw. You cannot specify which ad is problematic or if the ad was on a previous page or what the problem was.

Is there a page on Google where you can make an real report? I can't find one.

I would like to be able to refer people with advertiser complaints to Google's site where advertising guidelines are listed and a form is available to state the nature of the complaint.

farmboy




msg:3324053
 4:46 pm on Apr 27, 2007 (gmt 0)

What's wrong with arresting and prosecuting criminals?

There is a difference in arresting and prosecuting criminals and in creating new laws, having bureaucrats interpret those laws, etc.

FarmBoy

maxgoldie




msg:3324132
 5:48 pm on Apr 27, 2007 (gmt 0)

This issue IMO has more to do with exploits in the MSIE browser than with Google.

bwnbwn




msg:3324178
 6:39 pm on Apr 27, 2007 (gmt 0)

This seems to me a very good class action lawsuit against Google as they are responsible for the ads showing thus they are responsible for the problem.

I would assume one will be coming forth very soon seeing how Google has been so mum on the whole thing but looks like the story will soon be breaking all over the net and I know with billions to get at a lawyer is foaming right now at the mouth..

carguy84




msg:3324192
 6:55 pm on Apr 27, 2007 (gmt 0)

This issue IMO has more to do with exploits in the MSIE browser than with Google.

Firefox doesn't support downloading of files?

europeforvisitors




msg:3324199
 7:04 pm on Apr 27, 2007 (gmt 0)

This seems to me a very good class action lawsuit against Google as they are responsible for the ads showing thus they are responsible for the problem.

Gee, and I thought the criminals were responsible for the problem.

Remind me to sue the post office the next time I'm a victim of mail fraud.

marcel




msg:3324211
 7:14 pm on Apr 27, 2007 (gmt 0)

Remind me to sue the post office the next time I'm a victim of mail fraud.

Don't forget the newspapers when they publish misleading advertising, or scammers advertising in their classifieds...

;)

creepychris




msg:3324215
 7:21 pm on Apr 27, 2007 (gmt 0)


I wonder if they couldn't solve part of the problem the way they do with webmaster tools. Require the the adwords account to place a file in the root directy of any domain that they are going to redirect to. It would essentially say, "yes, it is my domain that is being redirected to."

jtara




msg:3324243
 7:51 pm on Apr 27, 2007 (gmt 0)

What we really need are laws and law-enforcement agencies that can identify and lock up at least some of the bad guys.

In the case of the attack that's been publicized in the press, the domain is registered to a company in New Zealand. The web site's IP address belongs to a company in Panama. The web sit's IP address geolocates to Russia. They are targeting bank accounts in multiple countries.

How many YEARS would it take before the Slobovian police knock on the perp's door?

These people are clever, and the law will never catch-up with 99+% of them.

It's up to Google to clean it up. Not because of any law or morality - but because it will destroy Google if it gets out of hand.

bwnbwn




msg:3324253
 7:57 pm on Apr 27, 2007 (gmt 0)

There is a difference as Google is being used to launch the attack and actually helping in the spread of the attack.

newspaper you have to take the action make the call etc same as mail but this is different as the action is being done through Google all the user has to do it click on an ad placed on Google.

This could be easiely stoped.

Is this an issue with MSN and Yahoo?

simey




msg:3324264
 8:07 pm on Apr 27, 2007 (gmt 0)

The wheels of justice turn slow.
The wheels of technology turn fast.

Got to do it at the tech level.

People use technological solutions (i.e. security cameras to prevent theft) all the time, and of course you still have to prosecute criminals if they are in your jurisdiction.

martinibuster




msg:3324269
 8:13 pm on Apr 27, 2007 (gmt 0)

What we really need are laws and law-enforcement agencies that can identify and lock up at least some of the bad guys.

The responsibility cannot be shifted away from Google. That crap is originating from Google's system. From the standpoint of protecting their brand, one hopes they will react to this, instead of lobbying for laws. It would be counterproductive to do otherwise.

Instead of shifting responsibility, a better defense of Google could be something like:

It's difficult to anticipate every negative use of the AdWords system, and I'm sure this caught them by surprise. In the interest of protecting their brand and trust in the system you can bet your bottom dollar they're working on weeding out rogue advertisers even as we speak.

bwnbwn




msg:3324282
 8:38 pm on Apr 27, 2007 (gmt 0)

martinibuster

Absolutely my thoughts exactly

They can be sarcastic if they want to There is a differnce and acting like a child won't make it any different...

"Remind me to sue the post office the next time I'm a victim of mail fraud"

[edited by: bwnbwn at 8:38 pm (utc) on April 27, 2007]

Powdork




msg:3324283
 8:38 pm on Apr 27, 2007 (gmt 0)

from the pcworld article
It's highly likely that these malicious ads appear throughout the Google network, including in Gmail, and they may also show up on sites like AOL and Ask.com that are advertising syndicates.
Geeze, they forgot to mention every site running Adsense or YPN. Where does all this leave the typical webmaster running Adsense. Aren't we responsible for the ads that are shown on our site? As it is now we have two choices. Make the conscious decision to stick with Adsense, knowing that we could be unleashing something like this on our users and face possible legal action; or leave the program. It would be nice to have more choices.
I would be better able to police my sites if there were some sort of 'verified IP' where I could click away on the ads my own sites to check them out.

blend27




msg:3324288
 8:43 pm on Apr 27, 2007 (gmt 0)

"Blue widgets store"(where blue widgets is #1 phrase for my niche)

Results returned by Google search rank a website as #1, if you go to that site, the first block of text you see is Adsence.

The second block of text(10 words and a link).

The third block of text is starting with a link, if you go to that link/page it tries to install a virus that crashed my PC 1 year ago. The virus is downloaded via IFRAME that points to 85.249.22.XX address. It has been over a year sinse I pointed it out, I sent an email to Google General and Adsence.

Cannn n n n n n n-ned Reply.

Oh ye, The reason that first page ranks is above my level of intelegence. The only link to Blue Widget Website on that page is a link to a site that went out of Bussiness 2 years Ago and Currently Parked at Pool.

The only thing this algo is designed to do is to make sure, well to Ad sence?...

bwnbwn




msg:3324293
 8:49 pm on Apr 27, 2007 (gmt 0)

blend27
Actually they most likely have a bunch of paid anchor text links for that exact phrase as this is what everyone is doing now and working really well.

Want number 1 position buy links with your anchor text it works I don't care what google says

europeforvisitors




msg:3324310
 9:20 pm on Apr 27, 2007 (gmt 0)

They can be sarcastic if they want to There is a differnce and acting like a child won't make it any different..."Remind me to sue the post office the next time I'm a victim of mail fraud"

Sorry if I hurt your feelings, but some of us have seen one too many idle references to class-action suits on these forums (usually by people who mutter about "restraint of trade" or "antitrust" when their rankings or AdSense earnings head south).

Back to the topic at hand:

The problem that's being discussed here is not exclusive to Google, and while we can hope (and expect) that Google will vigilant in dealing with the problem, we can also be sure that malware attacks of this type aren't going to stop.

Where does all this leave the typical webmaster running Adsense. Aren't we responsible for the ads that are shown on our site? As it is now we have two choices. Make the conscious decision to stick with Adsense, knowing that we could be unleashing something like this on our users and face possible legal action; or leave the program.

It seems to me that the only way to be 100% safe is to have 100% control--which means selling, serving, and constantly monitoring ads. Of course, in doing that, you might face more liability exposure than you do when you outsource control to a third party like Google (which has deeper pockets than you do, and which is responsible for selling and serving the ads in the "Ads by Google" box).

blend27




msg:3324314
 9:22 pm on Apr 27, 2007 (gmt 0)

bwnbwn, I know it does, that is not the point, all thought I have examples of that too.(6700 "blue widgets" links in anchor text puts year old site at # 2 for blue widgets, links are footer links and from none related forum about SEO Friendly Directories)

The point is when Abnormalities as such are reported, Google should pay attention, otherwise we get Featured Home Page Discussions on themes like these.
Ain't that something?

incrediBILL




msg:3324331
 9:57 pm on Apr 27, 2007 (gmt 0)

Let me chime in with a large resounding THIS IS HOGWASH!

a) Google isn't the internet police
b) Malware can be cloaked to hide from Google

LET'S GET READY TO RAMBLE!

It's not just an AdWords/AdSense problem, it's an INTERNET problem.

I'll hazard a guess that some advertisers don't even have a clue because it could be their shared hosting company that is hacked, not the individual advertiser.

For instance, I've been tracking one particular shared hosting company for almost a year now and it's absolutely filthy with hacked customers, people complain all over the 'net about them, but it never changes and they MAY be using AdWords and probably don't know they have malware in their account.

I run a directory with about 35K listings and people using it started to send me a little hate mail with a few of my listings had malware in them. Guess what, it was the above mentioned hosting company that had those hacked sites, which are still hacked. However, I evaluated the sites with the problems and added some basic virus detection to my link checker so now I automatically disable the sites until the viruses are removed.

Since I did it, could Googlebot, Media-partners and the AdsBot-Google check for malware?

Of course they could.

Could the sites being checked, if indeed it was malicious on the site owners behalf, spoof a clean page to Google?

OF COURSE THEY COULD!

I think Google should do virus detection and drop infected sites until they are cleaned but there is no way for Google to ever be 100% sure everything is clean, nor can they crawl fast enough to check everything often enough, nor should they be required to do so.

So the problem becomes a liability issue that if Google does claim to check for viruses and misses some, as the malware code mutates quickly to avoid detection, that they could be open to lawsuits so the best strategy is to be hands-off.

That's why I don't claim to check my directory listings for malware, but do so silently so it's not a claimed feature. I don't even notify the infected parties as it's not my job to get involved except to provide "quality listings" as best I can. But Google, being a big public entity and scrutinized as they are, would be quickly caught when unwittingly infected webmasters on massively infected hosts were penalized and someone figured out what they all had in common.

If Google starts policing the web then companies like McAfee with SiteAdvisor will cry foul as it puts them out of business.

Why?

Because if Google polices AdWords for malware then people will scream they don't police AdSense, then people will scream they don't police the SERPs, the newsfeeds, and on and on, an endless battle.

It's the job of products like McAfee SiteAdvisor, Norton AV, etc. to PROTECT CUSTOMERS from MALWARE, that's why we pay them.

Let each company do it's respective job properly and stop witch hunting for deep pockets to sue because someone gets a silly idea that the bigger fish should expand their role as 'net police and start stepping on the AV companies toes.

jtara




msg:3324344
 10:04 pm on Apr 27, 2007 (gmt 0)

So the problem becomes a liability issue that if Google does claim to check for viruses and misses some

The problem becomes a profitability and survivability issue if they do NOT check. Because eventually, consumers will not trust Adwords, and perhaps not trust Google at all. They will stop clicking on ads, and Google will be done.

Yes, there are users who can't tell the difference between an ad and an organic result. I think, though, most users DO know the difference, and one of the reasons they click more on Google ads than on other ads is that they TRUST GOOGLE.

"It's a Google ad - it must be legit!"

Even for those users who don't know the difference - there is still a high level of trust in Google results.

If consumers lose this trust, Google will lose it's advantage in the marketplace.

You can argue all you want about Google's obligation or lack thereof. It's all moot if this threatens their survival.

This goes for YOUR website, and the websites of everyone else here, as well. A less laissez-faire attitude would seem prudent. When your site makes some protection software go red and users start leaving, you can argue all you want that you satisfied your obligations, and it's not going to make the money come back.

frox




msg:3324380
 10:35 pm on Apr 27, 2007 (gmt 0)

I am firmly convinced that Google will do a very strong move in the anti-malware / anti-virus field soon.

Thing like buying McAfee and giving away their product for free, just to keep their style :-)

And this, not because they love us, but because malware and viruses are the next generation of click fraud.

Done with manual clicking, done with proxy clicking. Just infect a 100.000 PCs so that (without that the real owners know), every time they surf the following happens silently:
1) go to google
2) search for your keyword
3) go to your site
4) have 2% of them click on your ads.

If done smartly, this will generate artifical (fraudulent) traffic and clicks that are unrecognisable from "organic" traffic.

Google cannot really fight this, unless they enter the malware and virus protection arena.

incrediBILL




msg:3324407
 10:58 pm on Apr 27, 2007 (gmt 0)

The problem becomes a profitability and survivability issue if they do NOT check. Because eventually, consumers will not trust Adwords, and perhaps not trust Google at all. They will stop clicking on ads, and Google will be done.

Really?

Just because one fringe article decries the issue doesn't make it a business buster for Google. I've been using Google and clicked AdWords for years and never had a single problem but I can't claim the same from the SERPs.

So why is AdWords/AdSense the spotlight?

Because it's their cash machine.

Why didn't they point out the big infected hosts as an issue?

I'll hazard a guess their pockets aren't deep enough to bother rattling or more importantly their name isn't GOOGLE so it's not a headline.

A less laissez-faire attitude would seem prudent.

If the legal system wasn't so jacked up, judges technically illiterate on the issues, and every ignorant spaz didn't sue for negligence at the drop of a hat I would agree. If Google can silently filter out bad sites from their entire product line, it would be wonderful. But, as I mentioned before, it will probably be noticed and the malware will quickly evolve to avoid them, if they aren't cloaking already.

Besides, I told you I'm already actively filtering for malware, I just don't publicly post that factoid on my site. I don't want the criminals to wise up, nor visitors to think I'm doing anything special that their current AV products should already be doing.

FWIW, my quality filter drops a lot of sites that Google allows in their index. I drop domain parks, sites that mutate become porn sites, virus fingerprints, even certain keywords in their meta tags or redirect URLs can trigger my link checker to suspend a listing. However, I couldn't evaluate 35K sites manually to make sure I catch everything so I do the best I can. Compare the scale of Google with billions of web pages and the theoretical mutations of malware, it's a no-win scenario.

If you have a stupid malware script, it's easy to identify and block.

If you have something a wee bit more sophisticated, which I've run across, the obfuscated javascript is randomized and the only way to identify that it's malware is physically run the javascript and print the result. The results can also be further randomized using domains unwittingly involved in botnets due to 3rd party software vulnerabilities, making it virtually impossible to stop with automation because the fingerprints are rapidly evolving.

I don't just make this stuff up as I was under attack by a botnet for almost 2 months and the sources and compromised sites hosting the files changed daily.

How would you suggest Google address this problem?

So far, the AV people have the best solution as the actual malware download code itself has enough specific fingerprints you can stop it. The problem is having to dissect and track through quite a bit of stuff in the botnet just to get to point you're able to examine the final malware download, and by then it's too late as it's slightly different hosted somewhere else the next day. Been there, tracked it, quite frustrating to keep on top of it and not something I would reasonably expect Google to be doing.

Hosting companies, Open Source software, and webmasters bear a lot of responsibility here, not Google, but that's a whole 30 minute dissertation for a different day.

Besides, why just Google?

Yahoo and MSN sell ads too, you think none of their ads ever point to infected pages?

Of course the other ad networks most likely do link to infected pages, but Google bashing is in vogue as poking a stick at the #2 or #3 players don't make good headlines.

[edited by: incrediBILL at 11:04 pm (utc) on April 27, 2007]

This 43 message thread spans 2 pages: 43 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved