The practice of establishing AdWords accounts for the purpose of passing clicks through a third-party malware distributor has drawn a blame-the-user response from Google.
Google Responds To AdWords Scam Kerfuffle
Google’s bread-and-butter paid search ads had a whiff of acrid spoilage to them after a nasty criminal attack using AdWords accounts became public knowledge.
Criminals used AdWords to direct web browsers through a third party website that attempted to infect the PC. The attack would take advantage of a flaw in Internet Explorer to drop a backdoor and a post-logger onto PCs; the malware specifically looked for credentials for 100 banking sites, according to Exploit Prevention Labs.
Google’s Inside AdWords blog has a new post available, with the company’s response to this egregious abuse of its product. They identified and shut down AdWords accounts linked to these attacks, and are continuing to monitor the situation.
“We actively work to detect and remove sites that serve malware in both our ad network and in our search results,” the post said. “We have manual and automated processes in place to detect and enforce these policies, and products such as Google Toolbar that actively seek out and alert users when they access malicious or suspicious sites.”
It doesn’t look like the processes worked. Exploit Prevention Labs began noticing the criminal AdWords placements on April 10, a full two weeks before Google deactivated the offending accounts. Those ads likely ran for a period of time before Exploit Prevention Labs picked up on them.
Google also gave people the usual security advice about securing their systems with up-to-date virus protection and changing complex passwords regularly. Good advice, but it’s also a deflection from the broader trust issue that people will now have with paid search ads.
Searchers were making very innocuous queries on Google that turned up these malevolent AdWords ads. These searches turned up phony ads for the Better Business Bureau and Cars.com, neither of which tends to be associated with the prurient sites (as in adult) usually associated with drive-by infections.
The situation is also going to make people who have been hit with attacks like these, without having visited any unusual sites, wonder if this is how their systems got nailed with a nasty Trojan. This isn’t the first time criminals have tried to abuse AdWords, judging by Google’s stated practice of looking for this behavior.
It’s going to take more than a blog post to engender ongoing trust in paid search ads. Good luck with that.