Spam And Malware In Google Ads
Since last year, there have been a few exposed cases in which spammers used Google page-ad links in HTML-formatted emails to redirect users who clicked the URL to bad sites, usually containing both spam and infected software. For example:
http://www.google.com/pagead/iclk?sa=l&ai=MfeNYS
&num=123456&adurl=http://www.infectedsite.com
Many considered a scenario where Google page ads were used to conceal the actual URL and avoid detection by traditional anti-spam techniques. However, it seems anyone can change the linked URL to point to any site of their choice, especially since no validation appears to be done on Google’s end.
A malicious user could also point the Google page ad to executable files (.exe, .pif, .scr, etc.). Some malware authors have started doing this, and such a link will redirect and download the malware without any problems or warnings. Although Google is very strict about the kinds of file attachments one can upload or download via its Gmail service, anyone can craft a URL that looks like it belongs to Google (=safe?) and point it at any executable file. Here is a simple and safe demonstration:
http://www.google.com/pagead/iclk?sa=l&ai=MfeNYS&num=123456
&adurl=http://fpdownload.macromedia.com/get/shockwave/default/
english/win95nt/10.2.0.023/Shockwave_Installer_Slim.exe
Clicking this link will download Shockwave Player from Adobe Download Center.
Google is probably aware of this redirect abuse by now, and it’s hard to understand why they don’t prevent these redirects from working for known bad file types or for spam and infected/hacked malware sites.
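A mail-filter check for the redirect pattern described above, as an added example that is not part of the original post: it pulls the real destination out of the adurl parameter of google.com/pagead/iclk links and flags executable file types. The function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# .exe, .pif and .scr are the file types named in the post; extend as needed.
RISKY_EXTENSIONS = (".exe", ".pif", ".scr")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message reusing the two example links from the post.
SAMPLE_BODY = """<a href="http://www.google.com/pagead/iclk?sa=l&amp;ai=MfeNYS&amp;num=123456&amp;adurl=http://www.infectedsite.com">Offer</a>
Update: http://www.google.com/pagead/iclk?sa=l&ai=MfeNYS&num=123456&adurl=http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/10.2.0.023/Shockwave_Installer_Slim.exe
Search: http://www.google.com/search?q=shockwave
"""


def inspect_link(url):
    """Return a finding for a Google page-ad redirect link, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in ("google.com", "www.google.com"):
        return None
    if not parts.path.lower().startswith("/pagead/iclk"):
        return None
    # parse_qs percent-decodes values, so an encoded adurl is handled too.
    targets = parse_qs(parts.query).get("adurl", [])
    if not targets:
        return None
    target = urlsplit(targets[0])
    return {
        "visible_host": host,
        "real_host": (target.hostname or "").lower(),
        "real_url": targets[0],
        "executable": target.path.lower().endswith(RISKY_EXTENSIONS),
    }


def scan_message(body):
    """Collect findings for every redirect link in an HTML or text body."""
    findings = []
    for match in URL_RE.finditer(body):
        # HTML bodies carry '&amp;' in href values; decode before parsing.
        finding = inspect_link(match.group(0).replace("&amp;", "&"))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_message(SAMPLE_BODY):
        print(f)
```

A filter can score or rewrite the message using `real_host` rather than the visible google.com host, and quarantine anything with `executable` set.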