back to article Google sponsored links caught punting malware

Researchers from Websense have caught Google carrying ads punting rogue software that secretly installs malware on the PCs of its users. Recent Google searches for Winrar turned up sponsored links that offer a "spyware free" copy of the widely used data-compression application. Google users unfortunate enough to download and …


This topic is closed for new posts.
  1. Charles Manning

    These will always slip through

    Even if Google checked out the site, downloaded and installed the code, and did everything possible there is still nothing preventing the offenders from changing the software that they serve at a later stage.

    There is nothing anyone can really do about this.

  2. TeMerc

    Slow news day?

    This isn't news. It's so old it almost isn't worth mentioning. But hey, think of all the money Google loses if it like, blocks all the rogue domains.

    Like the ones that are iin just about every single blocklist on the planet. But I guess Google can't figure that out.. I can;t tell you how many times I;ve found sites time and time again that ahve been on a block list or hsts file for days if not weeks and yet Google still allows them to be submitted.

    I'm no ocder but I've been told by people who are that google knows how to do this.

    But like I said, think of all the $$ they'd lose. I'm jus' sayin' tho.

  3. David Farinic

    WinRar with trojan was detected in october directly from winrar site

    In october i was presenting GFI WebMonitor capabilities and 2 days before presentation for some reason i needed to download winrar from oficial site.. guess what

    Kaspersky scanner build in GFI WebMonitor4 detected one version as infected. 2 days later they cleaned it.

    Its too easy to "slip" for any site...

  4. TeeCee Gold badge
    Thumb Down

    Of course they're f***ing liable!

    Someone has to filter this crap out. The ad networks (and Google are by no means the worst offender here) can't say that it's down to the ad providers. In the cases we're talking about here, these are the very scrotes punting the crap in the first place. Any solution that revolves around saying after the fact that you're very naughty boys and that we won't be accepting your nasty ad any more is tantamount to a "fill yer boots" statement to the bastards.

    Let's face it. It's a *serious* risk when you can get screwed by following a link displayed on an allegedly trustworthy site and it's the ad servers that provide the sewer* here.

    Google. Get of your feckin arses and direct some of that innovation to finding a permanent, workable solution to this one. Then share it with the other ad networks**. You'd be doing the web far more of a favour than fannying around with yet another sodding browser that we need slightly less than a hole in the head.

    Why would you want to? Because the other solution is a wide deployment of AdBlock, IEPro and their ilk and if you don't act, everyone else will.

    *Sewer. A fat pipe for sewage.

    **NB: Yes, I know, Not Doing Evil does not oblige you to Do Good, but give it a try anyway.

  5. John Miles

    Google does take down bad ad-links

    Several years ago I inadvertently downloaded some malware via a Google ad-link ( a premium line rogue modem dialer - that dates it). In high outrage I complained to Google and within 24 hrs the link had gone. I've not had a similar problem since, but given the scale of their operation and resourcefulness of offenders some must slip through.

  6. Anonymous Coward
    Anonymous Coward

    Google do this all the time

    99% of the links I follow from Adsernse adverts are for fake/illegal copies of software. I'm sure it isn't Google's fault for not knowing but when I point it out to them they just ignore the emails (money talks I suppose). I just contact Adobe/Microsft etc with the URL pointing out it's a Google AdSense link and the site does seem to disappear (again money talks I suppose).

    Where's the evil Google icon ?

  7. Jack Harrer
    Thumb Down

    Simple, really

    As always, hit where it hurts. Take a deposit for a whole month run of ads if it's a new unproven company - in case of problems - ban a company and keep a deposit. When it becomes expensive, it'll stop.

    Same with bot herders. Start killing their DNS entries and name and shame their ISPs, it'll become more and more expensive, thus less worthwhile.

  8. Loki

    Difficult to point the finger at Google...

    ... when doing so would imply The Pirate Bay is also in the wrong. Both will say they dont directly host the content and just supply links.

    So those who are getting up in arms against google... well, hope you dont use Bittorrent for anything *gasp* illegal.

  9. Bob Bramwell

    Is it really that simple?

    The trojan changes the hosts file? How? On any system (non-Windows) I've ever used the hosts file is not writable by a lowly user. So how does this work? Are people at risk using versions of Windows that don't have this simple protection? Are they logged in as "administrator"? Do downloads run with extra privileges? What?

    I accept that all systems have security holes but if it is really that simple to punch through a Windows system it's no bloody wonder they are such a problem.

  10. Ian Borge

    Been going for years

    Try googling Antivirus 360, 3 of the 4 offerings on Sunday were for the scumware itself. For those who aren't yet aware, AntiVirus 360 is -more or less- the new incarnation of those old favorites AntiVirus XP, 2008 & 2009. even offered to sell you a copy. Google updated it now, but still, it shows a cash first, then check it philosophy from Google which, to be fair, they've always had.

  11. KarlTh


    You'd be amazed. Most people don't know how to configure their system and indeed run as administrator. Even in corporate environments where one of two things happen:

    1) Lazy admin find it easier that way

    2) Pompous management insists they have admin rights, and the culture of demanding it flows down to everyone on a higher grade than the underpaid and underavalued administrators who have to kowtow.

    The real joke is all the people who thought they were so clever in turning UAC off on Vista and then running as Admin because UAC was "a pain". A number of chickens are coming home to roost now on that one. This latest IE flaw is a case in point.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021