 |
| Google Responds To AdWords Scam Kerfuffle |
 |
Criminals used AdWords to direct web browsers through a third party website that attempted to infect the PC. The attack would take advantage of a flaw in Internet Explorer to drop a backdoor and a post-logger onto PCs; the malware specifically looked for credentials for 100 banking sites, according to Exploit Prevention Labs.
Google's Inside AdWords blog has a new post available, with the company's response to this egregious abuse of its product. They identified and shut down AdWords accounts linked to these attacks, and are continuing to monitor the situation.
"We actively work to detect and remove sites that serve malware in both our ad network and in our search results," the post said. "We have manual and automated processes in place to detect and enforce these policies, and products such as Google Toolbar that actively seek out and alert users when they access malicious or suspicious sites."
It doesn't look like the processes worked. Exploit Prevention Labs began noticing the criminal AdWords placements on April 10, a full two weeks before Google deactivated the offending accounts. Those ads likely ran for a period of time before Exploit Prevention Labs picked up on them.
Google also gave the usual security advice to people about securing their systems with up to date virus protection, and changing complex passwords regularly. Good advice, but it's also a deflection from the broader trust issue that people will have with paid search ads now.
Searchers were making very innocuous queries on Google that turned up these malevolent AdWords ads. These were searches that turned up phony ads for the Better Business Bureau and Cars.com, neither of which tend to be associated with the less than prurient sites (as in adult) usually associated with drive-by infections.
The situation is also going to make people who have been hit with attacks like these, without having visited any unusual sites, to wonder if this is how their systems got nailed with a nasty Trojan. This isn't the first time criminals have tried to abuse AdWords, judging by Google's stated practice of looking for this behavior.
It's going to take more than a blog post to engender ongoing trust in paid search ads. Good luck with that.
Retailers Panic Over Google Site SearchGoogle Debunks Link Sabotage TheoriesBeating The Unbeatable GoogleGoogle Sacrifices Clicks To Increase Advertiser ROIDo Not Follow Google's MistakesWhat Do You Think About Paid Links?Google Adwords GuideCutts, Sullivan Weigh In On Paid Links7 Reasons Google's Paid Link Snitch Plan SucksGoogle Launches Additional Tools For AdWords Clients
Comments
spelling
We talked about this, Dave. It's spelled curfuffle.
:-)
You don't listen, do you?
re: spelling
The people have demanded the kerfuffle spelling with the 'ke'. Only pinky raising tea drinkers spell it with a c-u.
Enjoy your beverage ;-)
spelling curfuffle and TEA
A little trivia in amongst the angst of trying to get a free press is good for the soul! But what people have demanded kerfuffle with a 'ke' beginning, ILO curfuffle? Americans? Americans never did know how to spell--or make tea, considering the Boston Tea Party;). Tea is made with BOILING water on top of loose leaf tea--not Lipton's bagged dust; served with milk/cream and suger--not honey. Best tea is Murchie's #10 Blend (Vancouver or Victoria, BC).
....signed, Tea Addict
The people
kerfuffle results on Google: about 512,000
curfuffle results on Google: about 3,110
And no, we never bothered learning how to make tea. We learned how to make bourbon instead. And to drink it without raising a pinky.
Post new comment