

Google sold ad space to this known malware site with its AdWords service. The oversight indicates Google has little filtering of what it sells links to.  (Source: Maximum PC)
Sale of ads to known malware site an embarrassing slip for internet giant Google

Search giant Google is known for its "do no evil" approach.  It goes to great lengths to protect the environment and it blocks sites on lists of known malware sites from being searched.

However, security researchers made an alarming discovery of a major slip-up by Google.  The company had allowed a known malware site to buy text ads and was placing these ads on its partner pages through its Google AdWords service.  The link was listed as “Antivirus XP 2008,” which led to the URL “” (Don't go there)

Why does this sound a bit familiar?  Well, "Antivirus XP 2008" happens to be the name of one of the most obnoxious pieces of malware to be developed in the last year.  The very widespread virus hides itself in users' systems.  It pops up an annoying fake antivirus dialog warning them that their computer is infected with all sorts of bad things and that the end may well be nigh -- or so it says.  The whole thing is really a scam to try to get people to upgrade to an equally fake "pro edition".

Getting rid of the virus is even more of a pain, as it does have one thing in common with antivirus software -- it regularly connects to the internet and updates itself.  However, unlike AV software, it updates itself to better evade virus scans.

While those familiar with computer security may spot the name instantly, the legitimate-sounding Google link likely fooled many users.  The oversight is particularly impressive, considering the malware was listed under its own well-known name.

Interestingly, Google searches for the site turned up no results, showing a dichotomy in that Google blacklisted the site from its search, but did not prevent it from advertising.

A Google spokesman responded to the incident, stating, "Google is committed to ensuring the safety and security of our users and our advertisers. As soon as we are aware of any violations of our policy, we work quickly to investigate and remove sites that serve malware in both our ad network and in our search results. As such, we've removed this site from our ad network."

Sure enough, the ad was removed.  However, the oversight has left many wondering -- was this an isolated incident or the sign of a bigger problem?  In the end, it's rather amazing, considering how powerful and savvy Google currently is, that it either has little filtering or has a highly inaccurate filtering system for which sites are allowed to be advertised.

Comments

RE: Malwarebytes
By jemix on 11/14/2008 1:32:54 PM , Rating: 2
I'm a PC tech and support close to 1000 people. I've seen computers infected with this software several times. I've always had to re-image the systems. None of these programs; McAfee, Ad-Aware, SpyBot S&D (my previous favorite), Windows Defender were able to clean it.

However, the last time I saw this infection I installed SpyWare Terminator... and it worked.

RE: Malwarebytes
By GaryJohnson on 11/15/2008 12:18:11 AM , Rating: 2
There's always HiJackThis, can it not kill this one?

RE: Malwarebytes
By mindless1 on 11/15/2008 7:16:21 PM , Rating: 2
Part of the problem is the point of infection. Sometimes a system may only be infected with this one auto-updating malware, but all too often the system caught something else which then proceeded to download several different viri, trojans, etc. Many of these are now self-monitoring, in that if a scanner isolates an identified file, a separate process reinstalls that component and vice-versa. In other words an anti-virus or malware scanner would have to identify all of them but do nothing to them yet, instead booting into a separate mini-OS to get rid of them all while they're not running within Windows... then if it misses one, just one, the next time the system is on the 'net they all get downloaded and installed again. Wee, fun stuff. There are manual removal methods but 9 times out of 10 if there are several self-protecting malwares it's best to just restore the backup (which we all make, right?) or at worst pull the drive or boot another OS and copy off user data before nuking the OS partition for a clean reinstall.

RE: Malwarebytes
By GaryJohnson on 11/15/2008 9:17:28 PM , Rating: 2
My method is to kill everything I can in MSCONFIG, reboot, look and see what came back, and then go and kill anything associated with those entries in HiJackThis. Reboot, if anything there comes back, then use the delete-on-boot tool in HiJackThis to delete it.

But if you want to block something from auto-downloading updates while you're trying to remove it... just unplug the ethernet or turn off the access point.

I have seen a virus that prevented you from launching applications. Any time you ran anything from Windows it would launch some other null process instead. So couldn't run MSCONFIG, couldn't run HiJackThis, even in safe mode. Ended up using the client's restore point on that one.

Copyright 2016 DailyTech LLC.