Scammers Target Google Ads

Over the past couple of weeks, I have had pop-up ads minimize my browser window and tell me that my computer was infected and urging me to run a virus scanning program I didn’t have. There are several variations, but I captured this one over the weekend:

errorprotector

This has happened to me maybe five or six times when visiting a link to a post at Gone Hollywood and twice (successively) at OTB. I have also had two emailed reports of similar experiences, one from a reader and one from contributor John Burgess.

Ed Burns, who handles most of my serious site maintenance work, has been looking into it and assured me it’s nothing on the site itself, narrowing it down to something being sporadically served up by advertisers. My wife found this story, though, which strikes me as the likely culprit: “Data theft scam targets Google ads.”

Google’s AdSense, which I have used without previous incident for over three years, serves ads to the highest bidder on various search terms. Ads are served based on a patented algorithm which searches the words on a Web site for the best match. It’s eerily effective.

The down side of this model, however, is that anybody can set up an account and bid to serve ads, including bad actors. The MSNBC story linked above is about companies on a phishing expedition to trick users into giving up bank information and the like. Google finds out about these things in short order and plugs the specific security holes. The nature of the technology, though, is that others will come up with new ways to exploit it.

Given that Google provides a significant chunk of OTB Media’s ad revenue and that the risk here is very minimal, I’m not going to disable their ads unless absolutely necessary. The good news for regular readers: This has no impact at all on the home page, as I’m only running Google ads on archive pages. Even there, this occurs incredibly infrequently; I’ve had no more than seven or eight total occurrences on all my sites and I’m updating and checking them hundreds of times a day.

Some good rules of thumb:

  • Any site that runs Google AdSense — which is to say, a huge percentage of all Web sites — potentially have this problem.
  • DO NOT INSTALL SOFTWARE OR GIVE UP SENSITIVE INFORMATION to random computer pop-ups!
  • Keep your security software updated to prevent infections. (This particular one is merely annoying, presuming you don’t install anything.)

We need the death penalty for spammers, virus writers, and the other scum who make the Internet less safe.

FILED UNDER: OTB History, Science & Technology, , ,
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Michael says:

    We need the death penalty for spammers, virus writers, and the other scum who make the Internet less safe.

    But you’re not bitter or anything.

    Seriously though, I have used Firefox for years and it drastically reduces this kind of crap. Recently I’ve been using Ubuntu linux instead of Windows, which has practically eliminated the effects of any of these.

    The article your wife sent you, however, uses a different tactic. It doesn’t install anything, or ask you to install anything, instead they are impersonating legitimate sites, enough to convince user’s to enter their credit card information.

  2. Triumph says:

    One other tip for Firefox users: you can take control of how sites mess with your browser by disabling the scripts that automatically resize and move windows.

    In the Menu bar, navigate to Tools >> Options >> Content >> click ‘Advanced’ (near enable Javascript) and uncheck the option “Move or resize existing windows”.

    Finally, the Flashblock extension is also useful. Many advertisers use flash animation that automatically starts when you surf to a page. Flashblock disables the automatic start and puts a button that you can control to start the flash show.

  3. David Harris says:

    I’m glad to see an explanation. I never reported it to you but did have a similar experience on either the sports or gone hollywood sections. As you said, though, it’s not something that has happened repeatedly. Hopefully none of your visitors have had experiences that would deter them from coming back.

    You’re right, spammers and their ilk are total schmucks.

  4. I’ve been seeing these same issues. What’s more amusing is that the one I’ve seen tells me I have a corrupt registry, even though I’m visiting from Firefox on a Linux box (which has no registry). I considered dropping you a note to let you know it was happening, but it quickly became clear that it was an advertiser and not you, and there might not be all that much you could do about it.

    Still, glad to know you’re aware of the problem.

  5. James Joyner says:

    I have used Firefox for years

    Me, too, although I was getting this on Firefox. As it becomes more popular, I think more people are designing around it. I get a lot more popunder ads than I did a year ago, for example.

  6. Michael says:

    I’ve noticed flash-based ads doing this in Firefox1, which prompted me to install the flashblock plugin. It has a side benefit of making pages with flash-based ads load faster.

    I’ve also noticed some pages/ads using HTML and CSS to float in-page elements above other content. Those are about he only ones that still annoy me, and it’s not clear what can be done about them while still allowing legitimate use of CSS.

    1The flash runtime has the ability to open windows, this is done outside the control of the browser, which is why Firefox and IE popup blocking doesn’t stop them.

  7. Michael says:

    Now all this brought up my curiosity about Browser and OS usage for OTB users.

    I was pleasantly surprised to see that IE accounts for less than 75% of the users, even though 90% of you use Windows. You guys really should try the alternatives: Firefox and Ubuntu Linux.

    Speaking of Linux, I’m disappointed that only 1% of us fall into that category, the same percentage are using Windows 98. Seriously, who still uses 98?

    Strangely, while 9% of users are on Mac OS X, only 6% are using Safari. What gives Mac users? I thought Safari was supposed to be the height of browser perfection?

  8. jeff b says:

    I’ve been using Linux for 12 years and I currently use Ubuntu. I also use a proxy that blocks malicious behaviors and I haven’t seen a popup in eons.

  9. William d'Inger says:

    Strangely, while 9% of users are on Mac OS X, only 6% are using Safari. What gives Mac users? I thought Safari was supposed to be the height of browser perfection?

    I’m a Mac user, and I access OTB via Safari, but that’s only incidental. I use Firefox, Netscape, Opera, Camino and iCab too (and used to use IE and a couple others). In my opinion, the differences between browsers are hardly worth getting excited about, and Safari is definitely not perfection.

  10. McGehee says:

    AdSense has always struck me as a flawed business model in that those who host the ads have to be discouraged, and then penalized if they persist, for encouraging readers to click through.

    I can understand why AdSense has that policy, but if I were an advertiser I would be leery of it; there are alternatives out there that don’t make adversaries of advertisers and the hosts who display their ads.

  11. James Joyner says:

    I were an advertiser I would be leery of it; there are alternatives out there that don’t make adversaries of advertisers and the hosts who display their ads.

    Most ads that pay per click have a Terms of Use that precludes site hosts from clicking on the ads.

    As to alternatives, Google is the 900 pound gorilla of contextual ads. I’ve tried numerous competitors and quickly got rid of them because they weren’t providing much return on the site space they were taking up.