Google sold ad space to this known malware site with its AdWords service. The oversight indicates Google has little filtering of what it sells links to.  (Source: Maximum PC)
Sale of ads to known malware site an embarrassing slip for internet giant Google

Search giant Google is known for its "do no evil" approach.  It goes to great lengths to protect the environment, and it keeps sites on lists of known malware sites out of its search results.

However, security researchers made an alarming discovery of a major slip-up for Google.  The company had allowed a known malware site to buy text ads and was placing these ads on its partner pages through its Google AdWords service.  The link was listed as “Antivirus XP 2008,” which led to the URL “” (Don't go there)

Why does this sound a bit familiar?  Well, "Antivirus XP 2008" happens to be the name of one of the most obnoxious pieces of malware developed in the last year.  The very widespread virus hides itself in users' systems.  It pops up a fake antivirus dialog to warn them, annoyingly, that their computer is infected with all sorts of bad things and the end may well be nigh -- or so it says.  The whole thing is really a scam to try to get people to upgrade to an equally fake "pro edition".

Getting rid of the virus is even more of a pain, as it does have one thing in common with antivirus software -- it regularly connects to the internet and updates itself.  However, unlike AV software, it updates itself to better evade virus scans.

While those familiar with computer security may spot the name instantly, the legitimate-sounding Google link likely fooled many users.  The oversight is particularly impressive, considering the malware was listed under its own well-known name.

Interestingly, Google searches for the site turned up no results, showing a dichotomy in that Google blacklisted the site from its search, but did not prevent it from advertising.

A Google spokesman responded to the incident, stating, "Google is committed to ensuring the safety and security of our users and our advertisers. As soon as we are aware of any violations of our policy, we work quickly to investigate and remove sites that serve malware in both our ad network and in our search results. As such, we've removed this site from our ad network."

Sure enough, the ad was removed.  However, the oversight has left many wondering -- was this an isolated incident or the sign of a bigger problem?  In the end, it's rather amazing, considering how powerful and savvy Google currently is, that it either does little filtering of which sites are allowed to advertise or has a highly inaccurate system for doing so.
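The gap described above, a site blocked in search yet accepted as an advertiser, closes when ad submissions are screened against the same blocklist the search side uses. The following is an added sketch of such a check, not Google's code: the blocklist entry, the scareware-name list and every function name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: a host the search side already refuses to list,
# and the product name of a known fake-antivirus program.
SEARCH_BLOCKLIST = {"rogue-av.example"}
KNOWN_SCAREWARE_NAMES = {"antivirus xp 2008"}

def normalize_host(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    if "://" not in url:
        url = "http://" + url  # ad forms often omit the scheme
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None

def host_is_blocked(host, blocklist):
    """True if the host or any parent domain is listed (label boundaries only)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def screen_ad(title, display_url, destination_url, blocklist=SEARCH_BLOCKLIST):
    """Return the reasons to reject an ad; an empty list means it passes."""
    reasons = []
    for label, url in (("display", display_url), ("destination", destination_url)):
        host = normalize_host(url)
        if host is None:
            reasons.append(f"{label} URL is unparseable")
        elif host_is_blocked(host, blocklist):
            reasons.append(f"{label} host {host} is on the search blocklist")
    # Collapse case and whitespace so "AntiVirus   XP 2008" still matches.
    normalized_title = " ".join(title.lower().split())
    for name in sorted(KNOWN_SCAREWARE_NAMES):
        if name in normalized_title:
            reasons.append(f"title matches known scareware name '{name}'")
    return reasons

if __name__ == "__main__":
    for reason in screen_ad("Antivirus XP 2008", "WWW.Rogue-AV.example.",
                            "http://download.rogue-av.example/setup"):
        print("REJECT:", reason)
```

Both the display URL and the landing URL are checked because an ad can show one host and send the click to another.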


Don't go there
By quickk on 11/14/2008 1:34:22 PM , Rating: 4
I don't know about you, but I couldn't resist going there after reading "don't go there"!

RE: Don't go there
By jemix on 11/14/08, Rating: 0
RE: Don't go there
By Seemonkeyscanfly on 11/14/2008 3:01:18 PM , Rating: 2
Naw, he just used someone else's computer. Much safer that way.

RE: Don't go there
By quickk on 11/14/2008 3:56:23 PM , Rating: 2
I guess that's what DailyTech did to get the image!

As for me, don't worry, I'm not running windows so I'm not affected.

RE: Don't go there
By borismkv on 11/14/2008 6:51:42 PM , Rating: 5
One of these days that attitude is going to come back to bite you.

RE: Don't go there
By sprockkets on 11/16/2008 12:18:21 AM , Rating: 3
If you try to go there with FF3, it says it is a known attack site and requires another click to go beyond it.

RE: Don't go there
By GaryJohnson on 11/15/2008 12:07:01 AM , Rating: 5
Only if you went there, clicked on 'download', downloaded their executable file, and ran it.

RE: Don't go there
By CU on 11/15/2008 9:36:21 PM , Rating: 3
Not always true. I have gotten this malware twice in the last year now without ever downloading or agreeing to install anything while using FireFox 3.

RE: Don't go there
By CU on 11/15/2008 9:37:29 PM , Rating: 3
I was using XP with admin rights though, but so do most people.

RE: Don't go there
By GaryJohnson on 11/16/2008 5:13:45 AM , Rating: 2
Perhaps from another site, but in the page source for, the only exploitable thing is flash, and only if you have an older, specific version of flash. Which is difficult to have, given that it auto-updates.

RE: Don't go there
By CU on 11/16/2008 2:24:28 PM , Rating: 2
Yes, it was from another site. Just don't know what site.

RE: Don't go there
By on 11/16/2008 7:03:06 PM , Rating: 2
actually, you have to accept the "free scan"

so you are wrong.

RE: Don't go there
By Seemonkeyscanfly on 11/14/2008 2:56:23 PM , Rating: 2
and if you saw a sign saying, "Danger Electric Fence", you'd still have to pee on it because you were told not to pee on the Electric Fence.

Sometimes rules and directions are good....

RE: Don't go there
By Gzus666 on 11/14/2008 4:45:06 PM , Rating: 2
I believe the game is called "Don't Whiz on the Electric Fence" for all you Ren & Stimpy lovers out there, me being one of them.

"Mr. Horse, how did you feel about that?" "No sir, I didn't like it"

RE: Don't go there
By sprockkets on 11/16/2008 12:14:58 AM , Rating: 2
Yeah, when he fell off the building that was on fire, and how they played the music to make it sound like he was an injured soldier, then after being asked, he thought about it to the usual music.

That show has so many good moments.

RE: Don't go there
By KingofFah on 11/14/2008 5:56:27 PM , Rating: 2
"Never put salt in your eyes, never put salt in your eyes, never put salt, never put, never put, put, put, put, put salt in your eyes... Always put salt in your eyes!"

Anyone remember that?

RE: Don't go there
By joeld on 11/15/2008 3:00:58 PM , Rating: 2
Anyone read Harris and Me back in grade school?

RE: Don't go there
By quickk on 11/14/2008 5:29:09 PM , Rating: 2
Interestingly enough, when I first visited the site about 2 hours ago, firefox did not provide any warning about it being malicious.

I checked it out again, and this time I get a red warning page saying that it is a "reported attack site", and the advisory was provided by google.

By Gzus666 on 11/14/2008 10:17:55 AM , Rating: 2
Wow, I like Google and all, but this was a big mistake. Hopefully they at least help nail these douchebags that make this malware.

By Spivonious on 11/14/2008 10:27:38 AM , Rating: 2
I wonder what crime they could be charged with, or would this fall under "caveat emptor"?

By Seemonkeyscanfly on 11/14/2008 10:30:36 AM , Rating: 2
damage of personal property. Both on hardware and software/data.

By Gzus666 on 11/14/2008 10:59:15 AM , Rating: 1
I prefer the "They happen to fall while trying to get into the police car repeatedly" method. Maybe letting us all get a few hits in.

By MonkeyPaw on 11/14/2008 11:08:02 AM , Rating: 2
No better reason for someone to make adblock for Chrome. ;)

By Gzus666 on 11/14/2008 11:15:44 AM , Rating: 1
That would be nice, that is the main reason I use Firefox over Chrome right now.

By foolsgambit11 on 11/14/2008 8:12:57 PM , Rating: 2
Was it a big mistake?

I mean, it's one thing to actively check out searched sites for malware, it's another to turn down money. It may be that they deliberately put 'ensure advertisers aren't evil' low on the priorities list. You know, you want to get around to checking them all out, but it's a big list, and wouldn't you rather be developing Google Goggles or a Bork-bork-bork! language home page than hunting down malware distributors from among your contributors?

Talk about...
By MrBlastman on 11/14/2008 10:04:25 AM , Rating: 3
Extortionists on a mission. I find this quite humorous that Google has fallen ploy to their brilliant exploits. Why piss people off by making them part of a botnet, or installing keyloggers, when you can put a piece of software on their computer that annoys them through FUD while providing the solution to their annoyance on the internet - for a fee!

I must say I did fall victim to a trojan like this in the past and my real, true and only (in my eyes) solution to completely blast it from my system was a complete re-install of Windows in a new directory. It was quite obvious that all the sites advertising for a solution for the trojan were funded and hosted by the makers of the offending piece of software. If you ever see a message pop up asking for Office needing to install a language set or some other addon in order to access the website - run. It was (at the time and is still out there) used to install these spelunking trojans. Alt F4 is your friend (because the boxes don't go away by clicking cancel).

But for Google to fall prey to this - AND the extortionists to PAY for adspace, that is hooliganism at its best. I hope that Google turns over all their information to the Authorities. If they are smart, they probably paid with some pre-pay card or similar untraceable means... If not, we might have another victory in the making. :)

RE: Talk about...
By mikefarinha on 11/14/2008 10:09:03 AM , Rating: 2
I've actually had good luck installing an updated Windows Defender and free anti-virus (Avast!) to remove similar crapware.

RE: Talk about...
By MrBlastman on 11/14/2008 11:36:43 AM , Rating: 2
Likewise - but there are some particularly nasty Trojans out there, super trojans if I might say, which install a suite of different "hooks" - some of which operate independently of each other, and others which check to see if the rest are functioning or not. If you remove one or two, or all but one, the one remaining one figures out the others are no longer there and *poof*, they magically re-appear after a reboot, or launching of an application.

These are the nasty ones, ones I hope most people never have the displeasure of experiencing. Even after running a removal app there are still lingering effects. The costs of leaving a keylogger installed without you knowing are far too great (granted a netstat -an or LSOF is useful in determining access, as is Windows Firewall or Zone Alarm of old), so really, once you've had a massive dumping of sorts into your system, the only real option is to export necessary registry keys (the bare essentials), re-install windows to a new directory, import the keys and a few nuts and bolts, delete the old windows install and start fresh.

This is only reserved for the nastiest.

RE: Talk about...
By pakigang on 11/17/2008 4:28:35 AM , Rating: 2
You're talking about the vundos

RE: Talk about...
By nitrous9200 on 11/14/2008 4:19:25 PM , Rating: 2
Malwarebytes' Anti-Malware ( gets rid of the many variants of this crap quickly and easily, in case anyone here decided to go visit that site because they were curious. :) Removing this is one of the most frequent repairs I do in my store, and malwarebytes does the best job of getting rid of it.

By uafanman on 11/14/2008 1:24:54 PM , Rating: 2
I've had good results removing both the 2008 & 2009 variants with "Malwarebytes". So far it's the only program I know of that has any real success with this malware. Definitely worth a try before starting over.

RE: Malwarebytes
By jemix on 11/14/2008 1:32:54 PM , Rating: 2
I'm a PC tech and support close to 1000 people. I've seen computers infected with this software several times. I've always had to re-image the systems. None of these programs; McAfee, Ad-Aware, SpyBot S&D (my previous favorite), Windows Defender were able to clean it.

However, the last time I saw this infection I installed SpyWare Terminator... and it worked.

RE: Malwarebytes
By GaryJohnson on 11/15/2008 12:18:11 AM , Rating: 2
There's always HiJackThis, can it not kill this one?

RE: Malwarebytes
By mindless1 on 11/15/2008 7:16:21 PM , Rating: 2
Part of the problem is the point of infection. Sometimes a system may only be infected with this one auto-updating malware, but all too often the system caught something else which then proceeded to download several different viri, trojans, etc. Many of these are now self-monitoring, in that if a scanner isolates an identified file, a separate process reinstalls that component and vice-versa. In other words an anti-virus or malware scanner would have to identify all of them but do nothing to them yet, instead booting into a separate mini-OS to get rid of them all while they're not running within windows... then if it misses one, just one, the next time the system is on the 'net they all get downloaded and installed again. Wee, fun stuff. There are manual removal methods but 9 times out of 10 if there are several self-protecting malwares it's best to just restore the backup (which we all make, right?) or at worst pull the drive or boot another OS and copy off user data before nuking the OS partition for a clean reinstall.

RE: Malwarebytes
By GaryJohnson on 11/15/2008 9:17:28 PM , Rating: 2
My method is to kill everything I can in MSCONFIG, reboot, look and see what came back, and then go and kill anything associated with those entries in HiJackThis. Reboot, if anything there comes back, then use the delete-on-boot tool in hijack this to delete it.

But if you want to block something from auto-downloading updates while you're trying to remove it... just unplug the ethernet or turn off the access point.

I have seen a virus that prevented you from launching applications. Any time you ran anything from windows it would launch some other null process instead. So couldn't run MSCONFIG, couldn't run HiJackThis, even in safe mode. Ended up using the client's restore point on that one.

One more reason I don't use Google or their products...
By iFX on 11/14/2008 11:55:54 AM , Rating: 2
Thanks but no thanks.

By Garreye on 11/14/2008 12:03:25 PM , Rating: 2
I don't use an excessive number of Google products, but the ones I do use I find to be quite good, so I'd be curious to hear the rest of the reasons you don't use any of their products...

By Gzus666 on 11/14/2008 4:49:13 PM , Rating: 2
I assume it would go something like "I just don't like them, they are all stupid and stuff". Pretty much probably never used any of them. To damn a company for one stupid mistake is pretty ridiculous, if that was the trend, most companies wouldn't be in business anymore.

By iFX on 11/19/2008 9:38:50 AM , Rating: 2
Apparently you are too thick headed to read the title of my post which alludes that I have many reasons for not using Google products.

Statement from Google;
By Seemonkeyscanfly on 11/14/2008 10:09:20 AM , Rating: 2
Oooops, my bad. Did I do that?

Post Removed
By uafanman on 11/14/2008 1:52:15 PM , Rating: 2
I guess the admins thought I was advertising software and removed my post. I am a first time poster but visit here daily. Just wanted to pass along the only way I've heard of to successfully remove the vicious Antivirus XP 2008. Oh well.

Picture is incorrect
By datacore on 11/15/2008 9:10:14 PM , Rating: 2
The chimp that says Larry Page has the face of Sergey Brin and vice versa. DailyTech didn't make the image but is using the image. Which is dumber?

By Fritzr on 11/17/2008 5:16:07 AM , Rating: 2
Antivirus XP 2008 is easily removed by deleting the executable & emptying your .tmp directories. The headache for the nontechie is finding and resetting the registry flags that remove the ability to change desktop wallpaper & screensaver.

Here's how to put those missing tabs back

By ablecluster on 11/17/2008 9:34:20 AM , Rating: 2
I wouldn't roust Google's feathers if I were you. One day Google is going to rule the world and they will remember! LOL


By Burned on 11/17/2008 12:46:03 PM , Rating: 2
I was on one of those sites that had that Google ad with the malware. No big deal, I use NoScript with Firefox.

By on 11/16/08, Rating: 0