December 28, 2005
Malicious software targets Google AdSense ads
It was only a matter of time before a trojan or virus targeted AdSense or YPM for malicious activity, and the time has come. A new trojan horse discovered by an Indian publisher replaces Google AdSense ads with their own ads, advertising sites including dating, sex, viagra and weight loss. This trojan is very recent, because it not only converts regular AdSense ad units, but also the Google AdSense and Firefox referrer buttons into text links.
Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads are incorporated in Google AdSense, the program that lets website owners display ads from Google’s list of advertisers. The Trojan Horse apparently downloads itself onto an unsuspecting computer through a web page and then replaces the original ads with its own set of malicious ads.
Techshout, which broke the story and also has quotes from Raoul Bangera who discovered the new trojan, does not reveal the website that the computer was originally infected from, nor the name of the trojan horse. A quick scan of several security sites does not have any details on this particular threat. However, there have been previous cases of spyware which would overwrite AdSense ads.
The Google AdSense team did not confirm it was specifically a trojan, but did state they believed it was malicious software that Bangera had discovered.
Since the Trojan Horse makes the deceptive ads look like normal Google ads, the program was nearly impossible to detect by the general public. However, Raoul Bangera, an Indian web publisher, discovered the bogus program and contacted the Google AdSense team. Bangera emailed the team a number of cases, including various screenshots, log files of an infected computer and system files as proof. The AdSense team validated the news saying, “We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer.”
There was no mention if YPN or other contextual ads on websites were being overwritten with this as well.
The ad units themselves look extremely similar to regular AdSense ad units, complete with the "Ads by Google", which has replaced the "Ads by Goooooogle" which appears on the majority of regular publisher sites. And looking at the screenshots available at techshout, it appears that it even utilizes the site's own ad unit color theme when it overrides the ads with their own.
More details should emerge over the next few days, particularly how widespread this threat actually is, or if it is a more isolated threat infecting few users. And a note to surfers that if you see types of ads (such as adult ads) appearing in AdSense ad units - that are even branded as Ads by Google - that you could be a victim of this malicious software and that Google isn't actually serving up these types of ads to you.
Posted by Jenstar at December 28, 2005 09:38 AM
TrackBack URL for this entry:
Listed below are links to weblogs that reference Malicious software targets Google AdSense ads:
» Google AdSense Trojan from The PC Doctor
Here’s another Trojan that rakes in cash for those behind it - this one replaces Google AdSense ads that are displayed in the browser on affected machines with ads that generate revenue for those who released the Trojan. If you start seeing adu... [Read More]
Tracked on December 28, 2005 12:38 PM
» Trojan targeting Adsense ads from The Blog Herald: more blog news more often
Struggling to make a living from Adsense revenues? looks like things are going to get a bit harder with Jensense reporting the emergence of the first Trojan that hijacks your Adsense ads inline with ads for other services, and with the user probably be... [Read More]
Tracked on December 28, 2005 04:20 PM
» Adsense Revenue from Unpopular Blog
I promised myself that the first one hundred dollars (and the subsequent earnings too) that I get will go to one of the following organizations that I support: [Read More]
Tracked on December 28, 2005 04:46 PM
Tracked on December 28, 2005 09:06 PM
» Malicious software targets Google AdSense ads from InToSEO
From: http://jensense.com/ It was only a matter of time before a trojan or virus targeted AdSense or YPM for malicious activity, and the time has come. A new trojan horse discovered by an Indian publisher replaces Google AdSense ads with their own ads... [Read More]
Tracked on December 29, 2005 02:03 AM
Haha, that's just funny!
Posted by: Randy Charles Morin at December 28, 2005 11:49 AM
It should be noted that it only affects the infected users. It does not modify the pages on the website. Uninfected people will see the ads properly. Using an updated anti-virus and Firefox are good measures to prevent these.
Posted by: Stéphane Lee at December 28, 2005 03:50 PM
But, why? If these aren't real adsense ads, then they aren't making money from google. If they're viagra ads, and they're able to install software on the user's computer, why not just take over their browser and send them to the viagra site in the first place?
Posted by: TLB at December 28, 2005 08:29 PM
Sending them to a viagra page by default would not have the same conversion as it would be if they were going there by choice.
More, this kind of trojan is supposed to stay under the radar for a longer time, before the user actually realises that his computer is compomised.
Posted by: bobby at December 29, 2005 01:59 AM
i think it is some competitors stunt
Posted by: JK at December 29, 2005 04:23 AM
Well, not to give anyone any ideas or anything, but if the first time someone went to a site they inserted a Salon-style full page ad - not from the site they were visiting but made to look like it - or otherwise made a big bright ad as opposed to just a little adsense-style ad I think that might have a higher conversion simply because the user was seeing a bigger, more detailed ad more often.
Posted by: TLB at December 29, 2005 10:18 AM
Is there a fix for this problem? I noticed this in my e-mail and on the guestt page of our church website that I do.
Posted by: bryan taylor at January 7, 2006 05:00 PM