Malvertising campaign found on Google Adwords

Google's advertising service vulnerable to cyber-crooks

Malvertising campaign found on Google Adwords
Malvertising campaign found on Google Adwords

Google's popular advertising service, Google Adwords, has recently been declared to be vulnerable to malvertising.

Internet security company Malwarebytes, released a statement a few days ago with a warning of this new malvertising campaign. “Many times these rogue advertisers will abuse legitimate brands to trick people and provide services on behalf of these companies,” read Malwarebytes' warning.

By bidding on popular keywords, through Google Adwords, cyber-crooks can hijack the brand name of a popular company and divert users looking for, for example ‘youtube', to their fake youtube link found at the top of the page as Adwords ads do.  

But users who are so unlucky, or gullible, as to click on the dud-link will be faced with the infamous BSOD, or Blue Screen of Death. The web page presents the user with a page presenting a BSOD  - real BSODs do not come in webpage form. Real BSODs also do not present users with a helpline to call, on the other end of which are scammers urging their victims to spend money on fixes.

Jerome Segura, senior security researcher at Malwarebytes spoke to SCmagazineUK.com on why malvertising was popular: "Malvertising allows you to reach a large audience on top sites that would be very hard to hack directly.” Moreover, Segura added that, simply, malvertising is cheap, "given that only the ads that are displayed to potential victims are actually paid for, via Real Time Bidding (RTB). We've seen CPM (cost per thousand impressions) as low as 30 cents.”

Malwarebytes discovered these scams originated from a couple of domains at the 166.62.28.107 IP address, which traces their location to Scottsdale, Arizona, hosted by GoDaddy.com. Todd Redfoot, the internet company's CISO responded to SC, saying: “We take Internet security very seriously," but that, "we had not received a complaint regarding the domain names or websites in question. We are now conducting an investigation and will take appropriate action, as necessary.”

This particular kind of malvertising tactic has already been reported on by Softpedia, a tech news outlet, when they discovered a similar case involving KickAss Torrent users.

There are more than a million businesses currently using Google advertising; about 95 percent of Google's revenue comes from advertising and it takes up over 30 percent of all online advertising revenue. There's a great deal of scope for this malvertising campaign and what is more is that, a troubling number of those million businesses currently using Google advertising could in fact be those fraudulent malvertising businesses.

Adwords, the internet's largest advertising services work by allowing individuals and business to advertise their copy, based on the user's keyword search. Certain keywords are particularly popular so Adwords uses a bidding system, charging more for the most popular search terms that would gain more visibility. Advertisers pay out when their ads are more successful, garnering more ‘click-throughs' from users who decide on their ads as opposed to other results. Advertisers can also delimit where their ads are seen by excluding IP addresses.

Google spoke to SC on their response to these Adwords scams: “We've allocated substantial resources to stopping bad advertising practices and protecting users on the web.” said the company spokesperson. “Hundreds of our engineers, policy experts and others have dedicated their careers to this work. To protect the safety and security of our users, we stop all ads pointing to sites where we find malware - whether it's spyware, adware or other types of malicious software - and removed 250,000 sites from our network for hiding forms of malware.”

For users, Segura offered some advice on how to avoid these kinds of scams: "Unfortunately, even with the security screenings in place, there will always be a gap that bad actors will try to exploit." But, Segura added, "to protect yourself you need to have the right elements in place, which I like to call the 3As -- namely anti-exploit, anti-virus and anti-malware. It's about proactive and reactive defences combined altogether."

Sign up to our newsletters