CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 19th, 2008

Spam And Malware In Google Ads

Starting last year and until today, there were few exposed cases when spammers used Google pages ads in HTML-formatted emails in order to redirect users who clicked the URL to some bad sites, usually containing both spam and infected software, for example:

http://www.google.com/pagead/iclk?sa=l&ai=MfeNYS

&num=123456&adurl=http://www.infectedsite.com

Many considered a scenario where Google page ads were used to conceal the actual URL and avoid detection by traditional anti-spam techniques. However, it seems one can change the linked URL to point to any site of your choice, especially since no validation appears to be done on Google’s end.

Malicious user could also point the Google page ad to executable files (.exe, .pif. scr etc.) and some malware authors have started doing this and such link will redirect and download the malware without any problems or warnings. Although Google is very strict about the kind of file attachments one can upload/download via their Gmail service, anyone can craft a URL that looks like it belongs to Google (=safe?) and point it to download any software executable file. Here is a simple and safe demonstration:

http://www.google.com/pagead/iclk?sa=l&ai=MfeNYS&num=123456

&adurl=http://fpdownload.macromedia.com/get/shockwave/default/

english/win95nt/10.2.0.023/Shockwave_Installer_Slim.exe

Clicking this link will download Shockwave Player from Adobe Download Center.

Google probably aware of this redirect abuse by now, and it’s hard to understand why they don’t prevent these redirects working for known bad file types or for spam and infected/hacked malware sites.

Share this item with others:

More on CyberInsecure:
  • Malware Torrent Delivered Over Google, Yahoo! Ad Services
  • Southern Connecticut State University Warns Of Data Breach After Web Defacement
  • MLB.com Major League Baseball Website Infected Visitors Through Ads
  • Google Docs Abused In Latest Spam Technique
  • Hacked Blog Spam Pages Promoted In Google News

    • Posted in Google, Phishing | Print This Post Print This Post

    This entry was posted on Wednesday, March 19th, 2008 at 9:52 am and is filed under Google, Phishing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Spam And Malware In Google Ads

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »