Scammers Target Google Ads
Over the past couple of weeks, I have had pop-up ads minimize my browser window and tell me that my computer was infected and urging me to run a virus scanning program I didn’t have. There are several variations, but I captured this one over the weekend:
This has happened to me maybe five or six times when visiting a link to a post at Gone Hollywood and twice (successively) at OTB. I have also had two emailed reports of similar experiences, one from a reader and one from contributor John Burgess.
Ed Burns, who handles most of my serious site maintenance work, has been looking into it and assured me it’s nothing on the site itself, narrowing it down to something being sporadically served up by advertisers. My wife found this story, though, which strikes me as the likely culprit: “Data theft scam targets Google ads.”
Google’s AdSense, which I have used without previous incident for over three years, serves ads to the highest bidder on various search terms. Ads are served based on a patented algorithm which searches the words on a Web site for the best match. It’s eerily effective.
The down side of this model, however, is that anybody can set up an account and bid to serve ads, including bad actors. The MSNBC story linked above is about companies on a phishing expedition to trick users into giving up bank information and the like. Google finds out about these things in short order and plugs the specific security holes. The nature of the technology, though, is that others will come up with new ways to exploit it.
Given that Google provides a significant chunk of OTB Media’s ad revenue and that the risk here is very minimal, I’m not going to disable their ads unless absolutely necessary. The good news for regular readers: This has no impact at all on the home page, as I’m only running Google ads on archive pages. Even there, this occurs incredibly infrequently; I’ve had no more than seven or eight total occurrences on all my sites and I’m updating and checking them hundreds of times a day.
Some good rules of thumb:
- Any site that runs Google AdSense — which is to say, a huge percentage of all Web sites — potentially have this problem.
- DO NOT INSTALL SOFTWARE OR GIVE UP SENSITIVE INFORMATION to random computer pop-ups!
- Keep your security software updated to prevent infections. (This particular one is merely annoying, presuming you don’t install anything.)
We need the death penalty for spammers, virus writers, and the other scum who make the Internet less safe.