Malicious software targets Google AdSense ads
December 28, 2005
It was only a matter of time before a trojan or virus targeted AdSense or YPM for malicious activity, and the time has come. A new trojan horse discovered by an Indian publisher replaces Google AdSense ads with their own ads, advertising sites including dating, sex, viagra and weight loss. This trojan is very recent, because it not only converts regular AdSense ad units, but also the Google AdSense and Firefox referrer buttons into text links.
Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense, the program that lets website owners display ads from Google’s list of advertisers. The Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.
Techshout, which broke the story and also has quotes from Raoul Bangera who discovered the new trojan, does not reveal the website that the computer was originally infected from, nor the name of the trojan horse. A quick scan of several security sites does not have any details on this particular threat. However, there have been previous cases of spyware which would overwrite AdSense ads.
The Google AdSense team did not confirm it was specifically a trojan, but did state they believed it was malicious software that Bangera had discovered.
Since the Trojan Horse makes the deceptive ads look like normal Google ads, the program was nearly impossible to detect by the general public. However, Raoul Bangera, an Indian web publisher, discovered the bogus program and contacted the Google AdSense team. Bangera emailed the team a number of cases, including various screenshots, log files of an infected computer and system files as proof. The AdSense team validated the news saying, “We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer.”
There was no mention if YPN or other contextual ads on websites were being overwritten with this as well.
The ad units themselves look extremely similar to regular AdSense ad units, complete with the “Ads by Google”, which has replaced the “Ads by Goooooogle” which appears on the majority of regular publisher sites. And looking at the screenshots available at techshout, it appears that it even utilizes the site’s own ad unit color theme when it overrides the ads with their own.
More details should emerge over the next few days, particularly how widespread this threat actually is, or if it is a more isolated threat infecting few users. And a note to surfers that if you see types of ads (such as adult ads) appearing in AdSense ad units - that are even branded as Ads by Google - that you could be a victim of this malicious software and that Google isn’t actually serving up these types of ads to you.
Posted in Google AdSense
Subscribe RSS
December 28th, 2005 at 11:49 am
Haha, that’s just funny!
December 28th, 2005 at 12:38 pm
Google AdSense Trojan
Here’s another Trojan that rakes in cash for those behind it - this one replaces Google AdSense ads that are displayed in the browser on affected machines with ads that generate revenue for those who released the Trojan.
If you start seeing adu…
December 28th, 2005 at 3:50 pm
It should be noted that it only affects the infected users. It does not modify the pages on the website. Uninfected people will see the ads properly. Using an updated anti-virus and Firefox are good measures to prevent these.
December 28th, 2005 at 4:20 pm
Trojan targeting Adsense ads
Struggling to make a living from Adsense revenues? looks like things are going to get a bit harder with Jensense reporting the emergence of the first Trojan that hijacks your Adsense ads inline with ads for other services, and with the user probably be…
December 28th, 2005 at 4:46 pm
Adsense Revenue
I promised myself that the first one hundred dollars (and the subsequent earnings too) that I get will go to one of the following organizations that I support:
December 28th, 2005 at 8:29 pm
But, why? If these aren’t real adsense ads, then they aren’t making money from google. If they’re viagra ads, and they’re able to install software on the user’s computer, why not just take over their browser and send them to the viagra site in the first place?
December 28th, 2005 at 9:06 pm
Great… Trojan Horse Targets Adsense Ads
…replacing them with ads of the hacker’s choosing. Just when I put the stupid things up….
December 29th, 2005 at 1:59 am
Sending them to a viagra page by default would not have the same conversion as it would be if they were going there by choice.
More, this kind of trojan is supposed to stay under the radar for a longer time, before the user actually realises that his computer is compomised.
December 29th, 2005 at 2:03 am
Malicious software targets Google AdSense ads
From: http://jensense.com/
It was only a matter of time before a trojan or virus targeted AdSense or YPM for malicious activity, and the time has come. A new trojan horse discovered by an Indian publisher replaces Google AdSense ads with their own ads…
December 29th, 2005 at 4:23 am
i think it is some competitors stunt
December 29th, 2005 at 10:18 am
Well, not to give anyone any ideas or anything, but if the first time someone went to a site they inserted a Salon-style full page ad - not from the site they were visiting but made to look like it - or otherwise made a big bright ad as opposed to just a little adsense-style ad I think that might have a higher conversion simply because the user was seeing a bigger, more detailed ad more often.
January 7th, 2006 at 5:00 pm
Is there a fix for this problem? I noticed this in my e-mail and on the guestt page of our church website that I do.
March 27th, 2008 at 10:32 am
[…] Check for blog spam Never got around to getting your Akismet API key? Do it now. Sure, if your blog is new, maybe you have been fortunate enough to only get a handful of spam comments and/or trackbacks on your blog, just enough that you can easily handle it in simple comment moderation. But trust me, there will be a tipping point when the slow trickle will become a flood. Has the flood already hit and you are knee deep in masses of comments awaiting moderation that you are certain legitimate ones are caught up in? Once the key is added, there will be a link to recheck the queue for spam and it will remove the bulk of spam. Think some blog spam might have slipped through unnoticed? Do a search within your Wordpress comments tab, because it will search for keywords not only in the text but in the URLs as well. So do a search for the usual suspects of keywords such as poker, holdem, viagra, cialis, mortgage, loans, debt, payday, xanax, phentermine. That said, don’t go and delete all comments with those keywords without reading them first… they could be completely legitimate comments that are using one of those words for a legitimate reason. […]
June 5th, 2008 at 8:56 am
[…] Google will not allow advertisers with adult content period. Its against policy. You are seeing those ads because your computer is infected with spyware and or a virus. Malicious software targets Google AdSense ads | JenSense […]