http://www.velocityreviews.com/forums/t700...to-malware.html

From "Window Secrets"

By Susan Bradley

The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.

Neither Bing nor Google effectively prescreens these bogus advertisers, so it's up to us to detect and avoid them.

You may recently have used either Google or Microsoft's new Bing search engine to find the popular Malwarebytes Anti-Malware utility. If so, chances are good that the sponsored ads alongside your search results contained links to the very malware that the security tool is designed to remove.

The three largest search sites — Google, Yahoo, and Bing — regularly sell security-related keywords to criminals looking to trick you into downloading and installing fake anti-malware products. The crooks then steal your personal information or hold your system for ransom before letting you remove their malware from your machine.

The search providers have been aware of this for years. To their discredit, they've done little to end the practice, even though it's in their power to do so. The reason? They're making money hand over fist from those sponsored text ads and don't want to kill the goose that lays the golden eggs.

Case in point: A Windows Secrets reader searched Bing for Malwarebytes Anti-Malware. He clicked the first link displayed and ended up on a site that installed a rogue antivirus program on his PC. (See Figure 1.)


Figure 1. Malicious sponsored ads are interspersed with links to legitimate companies when you query search engines for the Malwarebytes security program.

Rather than getting a tool to clean up a friend's infected computer, this Web surfer ended up having to disinfect his own. He and several other people I've heard from recently were hit with the result of search services' selling sponsored links without validating those links' legitimacy.

As search terms become popular, scammers jump at the chance to have their bogus ads appear among the results. To get their deceptive ads into these highly visible search results, these criminals simply buy these high-traffic terms from the search engines.

Big-name sites still serving up malicious ads

Another form of dangerous Web ads appears on otherwise legitimate sites.

WS contributing editor Scott Dunn described a year and a half ago in an April 17, 2008, Top Story infectious Flash ads that achieved space on well-known sites. I also reported on drive-by malware downloads in the June 11, 2009, Top Story. In the most-recent case, NYTimes.com and other established sites hosted malware-infested ads. The New York Times described the attack in a Sept. 14 article.

When malicious ads — or "malvertisements" — enter the rotation on these sites, your system may become infected if you merely view the page. This is especially true if your versions of media players based on Java, Flash, or QuickTime are out-of-date.

It's getting so bad that even top officials at Google acknowledge the problem, though they haven't yet taken steps to halt it. Eric Davis, head of anti-malvertising at Google, stated at the 2009 Virus Bulletin Conference that the industry needs to work together to combat this problem.

As reported by Dennis Fisher on Kaspersky Lab's Threat Post site, Davis called for the creation of an industry clearinghouse that would certify ad servers. Such an organization would allow all search vendors and other sites to use online-ad agencies without fear that a malicious ad would insert itself into rotation.

Microsoft has decided to use the courts as a weapon against malicious advertisers. A Sept. 18 Associated Press article posted on the MSNBC site states that the company is attempting to go after several suspicious ad vendors.

Even using Yahoo or a smaller search index won't prevent such attacks, because second-tier engines have been hit with malicious ads, too, as a Sept. 25 story by Deborah Hale on Incidents.org reported.

Ways to fight back against online attack ads

Following my investigation of the malicious ads on Bing, I contacted the Microsoft Security Response Center, which can be reached via secure at microsoft.com. Within a few days, the offensive ads were removed.

However, searching on the term malwarebytes combined with such words as virus and antivirus continued to return dubious destinations in Bing's sponsored-links section.

The same type of ads appears among Google results when you search on similar terms. Depending on the location you search from, you may see a link to Cyberdefender.com among the results. This company is listed on the hpHosts site as selling fraudulent software.

I reported this site to Google via a Web form on the Google site. But to date, no action has been taken to remove this and related malicious links.

Unfortunately, balancing the scales of justice takes time. What can you do in the meantime to help protect yourself from these malicious ads?

Don't expect flawless protection from your Web browser of choice. Internet Explorer, Firefox, and other browsers now support bad-sites lists, but every malicious ad server may not be known. Nor are browser security add-ons perfect. McAfee SiteAdvisor, for instance, may include results that are up to one year old, as WS contributing editor Mark Edwards reported on Feb. 12, 2009.


If you're not sure, verify the URL. Microsoft and Google have large payrolls, but the search giants don't employ literal armies to review ad submissions. If you're at all suspicious of an ad's legitimacy, check the URL via a service such as hpHosts, which tracks domain names that researchers have reported as malicious.


Help vendors by reporting malicious advertisers. To report bogus ads on Google, e-mail security at google.com. This is likely to be more effective than reporting the site via the search giant's online form. If you discover malware purveyors advertising in Bing's results, e-mail secure at microsoft.com. Yahoo, however, offers only a Security Phishing Report Form.

I do hope that Google, Microsoft, and Yahoo can put their differences aside and correct this situation. In the meantime, be careful when you search and be suspicious of sponsored links. Too many of them are fictitious these days — and dangerous.

It is a sad sorry situation that many regulars of these Forums know about, but less internet-savvy folks may still fall prey to.

As Susan Bradley implies, it is not likely to get better very fast.


Advertising on Website pages is often "entertaining" and colorful, actually making websites "more attractive".
As for me, I'd prefer to not see rotating third-party paid advertisements at all.

Therefore, I use MVPS Hosts File to prevent them from being displayed at all.
Advertising that the Website itself supports (first-party ads) still will display, and all of the regular functionality of the Website is available to the user.

However, in place of the third-party ads, the browser will display small portions of the Website as "Unable to connect..." or "Cannot display..."
This means that the browser is not able to display the advertisement that would have been displayed, because MVPS Hosts File is effectively blocking them.

Small price to pay for increased security against possible accidental infection.

Again however, there is a fine little utility that I also use called "Homer", from FunkyToad.
Sound "silly" but what Homer does is to insert a small color swatch in place of the blocked advertisement.
You can even insert a favorite image/picture of your choice for Homer to display.

Read about and get Homer, here: http://www.funkytoad.com/

In addition to clearing up the clutter, MVPS Hosts File and FunkyToad's "Homer" can actually speed up your browsing, because your browser no longer has to wait to download all those pesky third-party advertisements.

Give it a try.

Known problems?
Yep, there is "one" that I am aware of.
CBS Videos where you can view many of your favorite TV shows, "requires" that you allow their third-party advertisement.
Therefore, you may need to disable ad-blockers when viewing your TV favorites.
That's the only place on the internet that I've found this difficulty... but hey, CBS apparently needs the money too.

Keep up the good fight.

too bad that they sponsor malware >_> i guess that we should just sit and watch and grab some snacks while we stare at the malware forum