Welcome to WebmasterWorld Guest from 220.127.116.11
Is this widespread or a few isolated cases? Pay close attention to your accounts, this started in my account since yesterday!
I didn't setup these accounts and got emails stating some ads weren't approved by Google.
I looked in the credit card billing info area and noticed someone elses credit card info, name and address.
[edited by: GregOne at 4:05 pm (utc) on April 24, 2007]
The funny part is on my desktop I can't access the subdomain adwords.google.com, my comp is probably infected with something nasty.
I'm trying to get rid of that activex remotedesktop installation. Not sure if I did.
IF you know that your system was compromised, I would be inclined to do a format/reinstall. It really is the only way to know for sure you got it all. It can be a complete pain, but so many hacks are so invasive you may never completely get rid of it and even if you do, you won't necessarily know.
I keep an image of a fresh install with all my needed programs already installed for just this reason. I can wipe everything and be back up and running in about 15 minutes.
It's possible your PC was rooted, and a program installed to send your AdWords account info to persons unknown. I wouldn't assert anything this "paranoid-sounding" except for the fact that the entry in your hosts file indicates a specific interest in AdWords.
Report anything else you find to AdWords.
This sounds very serious, and I suspect G will take it seriously.
Hopefully, you're not the first wave of a flood of compromised accounts...
From the sounding here it appears to me to have been done through activeX code on Internet Explorer. I am guessing you use IE, I would personally format reinstall to get rid of all the bad code and then get firefox.
Plus change Adwords password and contact your credit card company as they could have those details as well.
It sets up adgroups and uses common keywords such as business and orbitz, then tries to load the activex component or somehow does, on other computers.
It spreads by installing the activex on the computer that clicks the ad and looking to see if the infected host uses adwords, then does the same to their account.
It's sophisticated to say the least.
[edited by: GregOne at 2:49 pm (utc) on April 25, 2007]
Why is this news?
It's news because of the targeting of the user's Adwords account, and the possibility of this being an automated attack. It could be the first of many, and so it's particularly important for Adwords users to be vigilent at this time.
The campaign was set up to help Content Network accounts as that was turned on and the daily budget was increased to a number that would have produced a 7 figure Monthly payout.