Forum Moderators: martinibuster
Google could avoid future malware attacks carried out using advertisements posted on its Web sites if the company more thoroughly investigated customers of its AdWords system, according to security and legal experts.On April 25, researchers with security software maker Exploit Prevention Labs announced that they had uncovered hard evidence that malware distributors were using advertisements placed via Google's automated AdWords system to infect unsuspecting end-users with virus code.
According to Roger Thompson, chief technology officer at Exploit, based in New Kingstown, Pa., the malware brokers used fraudulent advertisements for legitimate organizations such as the Better Business Bureau to trick users into clicking on the links.
When someone clicked such a link, the ad would redirect their browser through URLs that attempted to automatically download virus programs onto their computers before passing them along to the actual sites that were advertised.
If done smartly, this will generate artifical (fraudulent) traffic and clicks that are unrecognisable from "organic" traffic.
True, a botnet could become a click fraud net, and the underbelly of the net has already done as much.
The problem is that just randomly clicking any old ads doesn't profit someone, it has to be specific ads or ads on a specific site, and that kind of random traffic spikes would probably indicate a problem to Google.
If you wanted to do this properly in stealth mode and not get caught you would have to execute a plan for years to appear organic in nature, to slowly build up fake traffic to click fraud scam sites.
That's why most of them get caught is they get too greedy too fast trying to churn and burn a quick buck before they get caught.
Not saying it can't be done, but most criminals aren't that patient.
I am not an expert on botnets, but here is how it works for me.
I search, I see I click, there is an additional info, so I click, if it tries to install something not good, I block(if have the power) and never comeback to the one above.
Now lets say, you rank #1, so I search and find you, I click, there is an additional info, so I click, if it tries to install something not good, I block(if have the power) and never comeback to the one above.
Now lets say, I care, and let you and where you rank know that I searched and found you, I clicked, there was an additional info, so I clicked, it tried to install something not good, so I blocked(or did not) and That I am never be coming back to the one above.
I search else where. I see you and never click, Ever. Where I searched knows that I did but don’t know why I did not click, hmmm
It must be an antivirus thing again
Since I did it, could Googlebot, Media-partners and the AdsBot-Google check for malware?Of course they could.
Could the sites being checked, if indeed it was malicious on the site owners behalf, spoof a clean page to Google?
OF COURSE THEY COULD!
Could Google enable their advertising partners to help them?
of course they could.
Could Google spoof an IP and compare the indexed page against the one indexed without the spoofed IP?
OF COURSE THEY COULD!
edited-switched order
[edited by: Powdork at 7:50 am (utc) on April 28, 2007]
They would have to come in from a random IP as a normal browser user agent and then Google would be technically breaking the law regarding "Computer Hacking and Unauthorized Access Laws" and that would be doing EVIL, wouldn't it?
They would have to come in from a random IP as a normal browser user agent and then Google would be technically breaking the law regarding "Computer Hacking and Unauthorized Access Laws"
Not if Adword advertisers gave permission as part of their agreement with Google.
[webmasterworld.com...]
Looks like Google is already dealing with the problem:
So the moral of this story is, when Google perceives something as a problem, they can and will take prompt corrective action.
Emphasis on the When Google perceives something as a problem part.
FarmBoy
So the moral of this story is, when Google perceives something as a problem, they can and will take prompt corrective action.
Any responsible company would. In this case, when stuff like this hits the mainstream press, it gets taken care of a bit quicker. ;)
It's difficult to anticipate every negative use of the AdWords system, and I'm sure this caught them by surprise. In the interest of protecting their brand and trust in the system you can bet your bottom dollar they're working on weeding out rogue advertisers even as we speak.
hehehe
So the moral of this story is, when Google perceives something as a problem, they can and will take prompt corrective action.
pageoneresults:
Any responsible company would. In this case, when stuff like this hits the mainstream press, it gets taken care of a bit quicker. ;)
My comment was sarcasm about Google not perceiving MFA's, misleading ads, etc. as a problem and taking action on them. My guess is you probably recognized that.
But that with your comment about "any responsible company would" almost makes it seem like Google responding because this problem is getting bad press somehow earns them the title of being a responsible company.
FarmBoy
