Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Text Ads For Known Malware Sites

kdawson posted more than 5 years ago | from the not-evil-no-sir dept.

Google 110

notthatwillsmith writes "We all know that Google purges known 'attack sites' — sites that deliver viruses, spyware, or other malware to visitors — from its index of searchable sites, but that doesn't stop the text ad giant from happily selling ads linking to those sites. One wouldn't think it would be any more difficult to cross-reference the list of purged sites with the list of advertisers than it was for the main search index, would it?" To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

cancel ×

110 comments

Sorry! There are no comments related to the filter you selected.

Like goatse (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25759687)

They linked me to goatse [goatse.cz] yesterday!

Notify the end users (2, Interesting)

Anonymous Coward | more than 5 years ago | (#25759723)

Surely it wouldn't be beyond the wit of man for Google to replace ads with warnings that the site on which the ad is being viewed is suspect?

Re:Notify the end users (5, Insightful)

larry bagina (561269) | more than 5 years ago | (#25759769)

That might viloate the google/website contract. Howewver, that's not the issue here. Google is running ads with links to malware sites, not ads on the malware sites (though they probably do that too).

Re:Notify the end users (1)

RulerOf (975607) | more than 5 years ago | (#25759861)

It wouldn't be too far of a jump to assume that voluntary termination is a clause they hold quite dearly in their side of that contract.

What Google should really be responsible for... (5, Informative)

Moryath (553296) | more than 5 years ago | (#25759963)

Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

Re:What Google should really be responsible for... (2, Interesting)

causality (777677) | more than 5 years ago | (#25760157)

Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

That's one thing I don't understand: If I can either refuse to send an HTTP Referrer header or forge it to always point to the site's index page (I use the Firefox RefControl extension but there are others that do the same), certainly Google can do this and avoid that entire set of problems. In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of a user it's useless or nearly useless; if I thought Webmasters needed to know the site I went to before I visited theirs, I would send them an e-mail to tell them.

Re:What Google should really be responsible for... (1)

Chaos Incarnate (772793) | more than 5 years ago | (#25760271)

In fact I've yet to see a good argument for why there even is such a thing as a referrer header or what benefit it's supposed to provide. I can definitely see why advertisers like it, but from the point of view of a user it's useless or nearly useless; if I thought Webmasters needed to know the site I went to before I visited theirs, I would send them an e-mail to tell them.

It's useful for bandwidth control; if some other site is leeching content, you can block/redirect requests from that referrer.

The only real alternative at present (that I'm aware of) is to replace any images or files with something that's harder to inline into another site's content like a Flash gallery. We've already gone too far that way; no need to give sites another excuse.

Re:What Google should really be responsible for... (1)

smoker2 (750216) | more than 5 years ago | (#25760845)

A lot of cgi is protected by not accepting connections from anywhere other than the localhost, because you don't want people accessing scripts in ways other than those you expose. As a first line of defence it's quite useful. You must be able to control the input as much as possible. None of my mySQL DBs are accessible outside localhost for example (although that doesn't rely on headers, it's hard coded in the connection string).

Re:What Google should really be responsible for... (1)

makomk (752139) | more than 5 years ago | (#25761005)

A lot of cgi is protected by not accepting connections from anywhere other than the localhost, because you don't want people accessing scripts in ways other than those you expose. As a first line of defence it's quite useful. You must be able to control the input as much as possible. None of my mySQL DBs are accessible outside localhost for example (although that doesn't rely on headers, it's hard coded in the connection string).

Yeah, but you can't safely do that using the referer header, since the attacker can send anything they want (including localhost). You need to look at where the connection is actually coming from.

Re:What Google should really be responsible for... (3, Interesting)

Anonymous Coward | more than 5 years ago | (#25760167)

Google should really be responsible for testing its own links and purging/fixing the latest scam, "referrer redirect" hijacks.

It's a form of attack wherein a hijacked website works correctly... as long as your Referrer string doesn't include certain key words ("Google", "Yahoo", "MSN", etc). The trick being, the website won't know they have been hacked because if they get a notice saying they have, then test their own homepage directly, it still works. If you have a referrer, you get redirected to a drive-by download page (for something like "Windows Antivirus 2009" or similar).

Why is this insidious? Because it gets around a lot of the "known registry", "anti-phishing" plugins.

Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

Nice idea but impossible. I work in google adwords qualified company and we ourselves create thousands of google ads per day. And we aren't the largest company in the country by any means. And the country is smaller that most states of USA...

The amount of ads is mind boggling.

Google employees checking every single one periodically? That is impossible. Also, why not demand that Youtube employees would watch through every video?

Now... Did Google do something wrong? Perhaps. If they delivered ads to location they had already banned from search. And I know they do - As I have managed some MFA (made for adsense) sites that Google redeemed "Worthless ad sites that users don't want to get to" (and they were correct, sure. But Well, I needed money. It worked.). Buying users there through adwords keeps working even after the site gets +100 filter in organic results.

Re:What Google should really be responsible for... (1)

TheMidnight (1055796) | more than 5 years ago | (#25761941)

Google employees checking every single one periodically? That is impossible. Also, why not demand that Youtube employees would watch through every video?

Don't give Viacom any bright ideas [cnn.com] ...

Re:What Google should really be responsible for... (0)

Anonymous Coward | more than 5 years ago | (#25760219)

We are also assuming that, when registered, this malicious site was in fact malicious, rather than a dummy page set up for a month or so, then unleashed at a later time (after adwords had been established)

Re:What Google should really be responsible for... (4, Interesting)

zacronos (937891) | more than 5 years ago | (#25760671)

Google served up the link; they should have a responsibility to do a periodic check that the links they serve aren't going to a bad place, and inform the victim if they've been referrer-redirect hijacked.

That's easier said than done. Here are some reasons:

  • The page was almost certainly clean when the ad was set up.
  • What if they use a database of known ip addresses (such as those available for free for PeerGuardian [phoenixlabs.org] ) to attempt to avoid attacking a Google ip address, rather than looking at the referrer?
  • Many of the redirects are much more sophisticated today -- they don't do a server-side redirect request, they send some javascript to make the browser do a client-side redirect. That makes things difficult because now your spider must include a javascript interpreter.
  • What if there's a 10-second delay before the redirect? If your spider leaves the site too soon, it'll never know. In contrast, many users would likely still be on the page after 10 seconds.
  • What if the attack is only initiated as a result of some particular sort of user interaction, like a click on the page (similar to much of today's popup code)? How do you reliably test for all possible variations on that?
  • How often do you test the links? Once a day? That'll take a lot of resources for someone as big as google. Once a week? On average that means a site will have 3-4 days in the wild before they even get checked, and that frequency still might take a lot of resources.
  • What if, even after all that, the page only attempts to attack one out of every ten opportunities? Even if you check the link periodically, and are able to duplicate the circumstances necessary to trigger the attack, you may not catch the attempt until you've tested the page several times. At once a week checking each link, that would mean on average a month or more in the wild.

Re:Notify the end users (0)

Anonymous Coward | more than 5 years ago | (#25764727)

However, that's not the issue here. Google ran an ad with a link to a malware site, not ads on the malware site

There, fixed that for you. This ad was also removed after Google was notified. This was not only explained in TFA, but also TFS.

Responsibility (-1, Troll)

mfh (56) | more than 5 years ago | (#25759725)

At some point, Google is going to have to pony up for turning a blind eye on these shenanigans.

Re:Responsibility (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25759805)

Typical american mentality of suing for everything.

Re:Responsibility (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25760013)

Typical anti-american attitude.

If it moves, sue it.

Re:Responsibility (5, Insightful)

Sir_Dill (218371) | more than 5 years ago | (#25759887)

If you bothered to RTFA you would have found out that the authors were only able to cite one example for which Google "ponied up" by removing the offending ad as soon as they were notified. Hell if you bothered to read the summary you would have seen that.

That doesn't sound like a blind eye.

Quit trolling

Furthermore its a fine line between due diligence and big brother. Especially in in today's internet climate. I am not surprised that the group doing the adwords doesn't know enough about the group doing the filtering to be able to filter automatically. Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.

It would be interesting if the bloggers that posted this "poke the big guy piece" had more than just this one incident. It would also be interesting to know how many other sites have been removed. If this was the first and they are now going to be crosschecking, then it shouldn't happen again.

Re:Responsibility (2, Informative)

jorghis (1000092) | more than 5 years ago | (#25760049)

Its very easy to say Google should know what Google is doing but we all know that interdepartmental communications in large companies sometimes don't work all that well.

/sarcasm on
Yes, I am sure that with all the smart people at google it never occured to ANYONE that maybe it would be a good idea to use that spam/malware site filter on adwords. Its not like those are two of the most well known groups at Google or anything. /sarcasm off

Google has been selling ads to link farms forever even though it (attempts) to filter them out of search results. It is their policy to do so even though they do everything they can to lower their rank in regular search results.

It would be easy for them to do so but they choose not to do it. Come on guys, if Google filtered and MS did not everyone would be ranting about how MS is promoting malware and spam to make a quick buck.

Re:Responsibility (1)

halcyon1234 (834388) | more than 5 years ago | (#25760649)

One thing I can never figure out: Gmail's spam filter is awesomely amazingly accurate. In the years I've had my gmail account, I think maybe 3 spams have made it through, and I've had 0 false positives.

Given that, why can't they apply that same well-learned spam filter to their ad words? An email subject line and an ad-words tag line are not all that dissimilar. It might cut down on the 99.9% of crap that comes through along the lines of "make 40k per month", "looking for [insert term]? find it here!", and "natural herbs online that pharmacy don't want you to know about!"

Unless there's one of those "things" going on. Maybe Google is perfectly capable of filtering them out, but they chose not to. They know that their adwords are unobtrusive to most, and blocked by the rest-- and maybe they know that their spammy ad words don't actually generate any significant business. So they gladly allow them, knowing the ads are worthless-- but will gladly take the spammer's money.

It'd be a beautifully perverse poetic justice: the spammers are shelling out cash hand over fist to buy a worthless product because they perceive it will earn them tons of cash. =)

Re:Responsibility (1)

mfh (56) | more than 5 years ago | (#25761781)

Unless there's one of those "things" going on. Maybe Google is perfectly capable of filtering them out, but they chose not to.

Claiming to do no evil since day one is more profitable than conceding a loss to Satan's forces and being honest. You have to tell the truth to get out of Hell. Remember, we're dealing with Double Click here, not just Google. They are one-and-the-same.

Re:Responsibility (1)

mfh (56) | more than 5 years ago | (#25761559)

Well thanks for the mod bomb. But I don't care if this also gets -1 Troll. Google rakes in cash and doesn't care where they get it from. They sell our information to THE HIGHEST BIDDER.

Most of the people interested in buying information from Google, use that info for nefariously shady dealings.

There is no coincidence that Double-Click and Google are one and the same.

Do no evil? LOLOLOLOLOLOLOLOLOLOLOLOLOL

Re:Responsibility (1)

Mister Whirly (964219) | more than 5 years ago | (#25763513)

Maybe Google should change their motto to "Do slightly less evil than the other guy."

Re:Responsibility (1)

RenderSeven (938535) | more than 5 years ago | (#25764509)

LOLOLOLOLOLOLOLOLOLOLOLOLOL

Just checking... is that "Laughing out loud out loud out loud out loud" or "Laughing out laughing out laughing out laughing out loud"? :)

Is there a demand for guides in the bad places? (4, Interesting)

BenEnglishAtHome (449670) | more than 5 years ago | (#25759731)

I wonder if there's a demand for a search engine that specializes in taking you to all the "bad places" on the 'net. What if a search engine indexed everything that others don't - hate sites, porn, spam markets, malware, everything - with the disclaimer that "You'd better not use us to get to any sites unless you've got a really hardened workstation and you're willing to assume all the risks"?

There have been times when I could have used such a thing; I'm wondering if the same is true for anyone else.

Re:Is there a demand for guides in the bad places? (3, Informative)

qoncept (599709) | more than 5 years ago | (#25759789)

http://astalavista.box.sk/ [astalavista.box.sk]

Re:Is there a demand for guides in the bad places? (1)

geminidomino (614729) | more than 5 years ago | (#25760165)

box.sk has a porn search!?

Re:Is there a demand for guides in the bad places? (2, Insightful)

wild_quinine (998562) | more than 5 years ago | (#25760447)

http://astalavista.box.sk/

Yeah, that used to list the bad places. Now it mostly lists the awful ones.

Re:Is there a demand for guides in the bad places? (1)

wjh31 (1372867) | more than 5 years ago | (#25759799)

i have to wondwe why you might want one of those unless you were after to proove rule 34, or were a racist, unless you were maybe doing some research into such things, but besides, i wasnt aware that google filtered out porn or hate-sites

Re:Is there a demand for guides in the bad places? (1)

Ravon Rodriguez (1074038) | more than 5 years ago | (#25760841)

It doesn't. in fact, Google image search is an excellent source of free pr0n

Re:Is there a demand for guides in the bad places? (3, Interesting)

BenEnglishAtHome (449670) | more than 5 years ago | (#25761059)

i have to wondwe why you might want one of those

Fair question.

In my day job I work for the Internal Revenue Service. Years ago, I helped prototype a "lead development" process looking for tax non-compliance in entities that promoted themselves online. (Nowadays, that's everybody but not back then.) We started out looking at porn, hate peddlers, and rogue CPAs who dispensed bad advice (whatever you wanted to hear) for hefty fees. The CPAs were easy to find but the porn and hate guys? Not so much. You'd be surprised how many wholesome Midwest couples supplement their income by making beast porn and not paying taxes on their receipts. And if you think any of the white supremacist groups or similar wack-jobs out there actually comply with tax laws, I would like to tell you different.

The problem was that when we tried to find these dodgy porn sellers and hatemongers, they were tough to find. A search engine that actually had useful results would have been a good thing.

In other matters, I can remember when cjb.net was filled with not just awful porn but also cracker sites containing useful nuggets of tech information. They were also infested with whatever malware was around. At that time (What was it? About 5-8 years ago?), Google did index them. But I can easily imagine a need to get to similar neighborhoods today and finding that search engines are reluctant to point you to their malware-laden pages.

It hasn't been my job to poke around in such places for a long time but I think it's obvious that there are legitimate reasons to do so.

i wasnt aware that google filtered out porn or hate-sites

Google doesn't filter much. I know that there are lots of sites that simply don't appear in their results but I have no idea whether Google purges those sites because of potentially illegal content or if the sites themselves are opting out of being crawled. But no matter the cause of non-appearances, there still don't seem to be any search engines I know of that do a good job of indexing the content they have for these types of sites.

For example, in the situation I described a couple of paragraphs ago we found that the hate sites were very hard to track until we realized that long before we got interested in them, there were other people (namely, their victims) who had a huge interest in cataloging them. The Anti Defamation League catalog of hate sites was a gold mine, an absolutely invaluable resource. They had compiled their catalog by talking to victims and dealing with the bad guys. Trying to compile the same sort of catalog from Google results would be very, very difficult. (To be fair, back when I was doing this I mostly used HotBot and NorthernLight; this isn't a Google-specific complaint.) We started from the ADL catalog and spidered out from there, essentially building our own search database. It would have need nice if someone else had already done the work for us.

Besides, what's wrong with occasionally proving Rule 34? :-)

Re:Is there a demand for guides in the bad places? (1)

wjh31 (1372867) | more than 5 years ago | (#25761957)

well thank you, that's very interesting/insightful, although ive yet to figure out how to 'mod up' in such a manner

give 'em a break (4, Insightful)

v1 (525388) | more than 5 years ago | (#25759739)

To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?

This is NOT "stuff that matters"

News flash! Local traffic cop overlooks jaywalker. Corruption, or honest mistake, you decide!

Re:give 'em a break (4, Insightful)

Joce640k (829181) | more than 5 years ago | (#25759853)

You can't expect them to check every single link on every single page in real time.

I could easily set up a page that waits for a visit from the google page-checker then modifies itself to contain bad stuff. That would give me a window of attack.

Re:give 'em a break (1)

onedotzero (926558) | more than 5 years ago | (#25764523)

Or, you could serve Googlebot different content to that which you serve other agents (cloaking: blackhat SEO 101).

the cop parable (1)

Teferison (1403841) | more than 5 years ago | (#25759973)

Taking the local traffic cop a step further:
How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?

Re:the cop parable (1)

Jellybob (597204) | more than 5 years ago | (#25760043)

I'd be pissed off.

Everyone else can tell me where the local dealer is without me having to pay them for the information ;)

Re:the cop parable (1)

FrozenFOXX (1048276) | more than 5 years ago | (#25762201)

Taking the local traffic cop a step further: How would you react if you knew a cop received money to direct you to an dealer, although that dealer is wanted by the same police department?

I'd start to wonder why a police officer was directing me to a drug dealer. Actually, my first reaction would be, "What the hell is a cop doing talking to me?" I don't think the analogy is working as intended.

Re:the cop parable (1)

Teferison (1403841) | more than 5 years ago | (#25764831)

True the analogy is not working 100%, but what I wanted to say, is that google is doing more then "overlooking" malware. They are advertising these sites, thus making money with those ads. I don't want to imply that they do this deliberately, but it's not an oversight, they could and should automatically compare the advertisers with their malware black lists.

Re:give 'em a break (4, Insightful)

jorghis (1000092) | more than 5 years ago | (#25760105)

You guys are missing the point. Its not a matter of humans checking each link and making an oversight. Its a matter of Google accepting ads from sites that its magical filtering system knows for a fact are spam sites/link farms/malware etc. If they didnt accept ads from sites that their database knows to be not so great websites then there wouldnt be any oversight. Computers dont make oversights so the only way this could have happened is if Google decided to apply a different standard for filtering their advertisers than they do to regular webpages.

Re:give 'em a break (1)

maxume (22995) | more than 5 years ago | (#25760807)

So a bunch of people are concerned that Google has too much information and will combine their databases in ways that are hostile to users, and a bunch of other people are concerned that Google isn't doing a good enough job combining their databases?

Re:give 'em a break (1)

geminidomino (614729) | more than 5 years ago | (#25760183)

Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?

If one were so inclined, one might, without any conspiracy theory or other leaps of unlogic, consider "one instance" to be "the first time they got caught,"

Re:give 'em a break (0)

Anonymous Coward | more than 5 years ago | (#25760499)

I totally agree. The story is tagged "whocares" which sums it up nicely.

I thought that some users getting stories before the general audience was supposed to improve the overall quality of stories?

Re:give 'em a break (1)

lazlo (15906) | more than 5 years ago | (#25760745)

Actually, Google probably just realized the truth: People actually click on search results. Ads, not so much.

Eliminating the malware from search results is far more important.

Re:give 'em a break (0)

Anonymous Coward | more than 5 years ago | (#25760939)

Arresting or ticketing a jaywalker is NOT the proper role of the police. What possible harm can I cause others when I jaywalk? Get blood on the hood of their car when they run me over?

Ticketing the jaywalker is corruption.

Re:give 'em a break (1)

hmar (1203398) | more than 5 years ago | (#25761113)

The next time you get rear ended because you stopped short to avoid some idiot walking out in the street, remember that he couldn't possibly cause any harm.

Re:give 'em a break (0)

Anonymous Coward | more than 5 years ago | (#25761739)

Yeah, but here's another oversight made:

http://www.antiad.net.cn/winrar.htm

Don't download the file from that site. It should be pretty obvious why, considering it disguises itself as CNet's own site. But this is found when you simply type in winrar on google. I fell for it because I'm a complete retard, but it's also an advertised site on google. Dangerous stuff.

Note: the file is just a dumb malware hack that overtakes the \etc\hosts file and all attempts to go to major sites like facebook and google redirect you to a fake, engrish hack of microsoft's site telling you to download their antispyware app. Thing is, it got through on the back of the installation of what I thought was a legitimate copy of winrar. Winrar still worked, but damn was that annoying. Lesson, don't trust google ads. And don't be an idiot, like me.

Re:give 'em a break (0)

Anonymous Coward | more than 5 years ago | (#25762741)

To be fair, the article says that Google shut down the ad when notified of it; and no other examples of linked malware are offered. Was this a one-time oversight?

Given the amount of business Google gets, how can you possibly consider one instance anything but an oversight?

But they have done it many times before. Here's a sampling:
http://revealingerrors.com/tags/google [revealingerrors.com]
http://www.google-watch.org/evilgoo.html [google-watch.org]
http://e-strategyblog.com/2008/10/michele-bachmanns-geo-targeted-google-attack-ad/ [e-strategyblog.com]

Smoke, no fire (2, Insightful)

Sneftel (15416) | more than 5 years ago | (#25759759)

A one-time oversight? Probably not. Look, domain names are not exactly made of gold. It is entirely possible for an advertiser to create a domain name specifically and solely for the purpose of advertising on a particular ad network. That means no chance for Google to match it to its blacklist -- the site isn't in the blacklist anyway, or anywhere else for that matter. There's no need to SEO a link you're paying to advertise, after all. That's probably why the link doesn't come up in Google: Nobody links to it, nobody talks about it, nobody's SEOed it.

Bottom line: Without a human eyeball checking each submitted ad, and a team of investigators checking each suspicious-ish looking one, this sort of thing is not going to get caught until it's reported. Google isn't going to be our nanny in this regard. Oh well.

Re:Smoke, no fire (1)

Zerth (26112) | more than 5 years ago | (#25760041)

Exactly, just because Google blacklists malware sites does not mean that all sites that aren't indexed by Google are malware sites.

That said, "antivirus pro 2009" and several other variations used to be advertised a few days ago, as well. I had to clean that crap off a machine in a remote office because the user got nailed by some fake UPS spam and our corporate antivirus(McCrappy) didn't prevent the install and didn't see the infection on the daily scan, only blocked the IE hijacking.

GoogleAds should moderate themselves more. (2, Interesting)

gapagos (1264716) | more than 5 years ago | (#25759773)

I wrote a paper on the Ukraine/Russia 2005 gas crisis for university, and I summarized my paper on my blog.
Just for kicks, one day, I tried adding an Ad-Sense banner on my blog. Googlebots saw that my article talked about Ukraine & Russia. You know what google ads showed up?

"Meet and marry Ukrainian girls!!"
"Hot, sexy Russian women looking for single american guys!!"

Useless to say I immediately removed all google ads right away. My blog is now back at 100% Ads-free. Not that I would get any revenue from it anyway.

Re:GoogleAds should moderate themselves more. (1)

wjh31 (1372867) | more than 5 years ago | (#25759823)

i thought it was possible to select what kind of content you were ok with having in your hosted google ads, i.e able to choose not to have anything mature advertised on your site

Re:GoogleAds should moderate themselves more. (1)

gapagos (1264716) | more than 5 years ago | (#25759897)

I looked into it and I don't recall this... I recall being only able to block specific websites from showing their ads.
But who knows how many of those "marry a russian" scam artist websites exists, and where they are really located.
Because you know they're scam sites right, not just poor taste websites.
They try to create a love relationship with the "client" by email, and eventually ask the client to pay for the Russian women to take an airplane and visit him in person so that they can finally meet. Of course, no lady ever existed, and once the money is sent, the scammer runs off very happy. :-)

Re:GoogleAds should moderate themselves more. (0)

Anonymous Coward | more than 5 years ago | (#25760145)

Tell my mother-in-law that.

Seriously. Some of these are scams, but there are also real genuine people getting married to real genuine people through weird international hookup things.

Re:GoogleAds should moderate themselves more. (1)

geminidomino (614729) | more than 5 years ago | (#25760197)

I'm glad they gave you net access in the pokey, Hans...

(What? Too soon? :) )

Re:GoogleAds should moderate themselves more. (0)

gapagos (1264716) | more than 5 years ago | (#25760201)

by Anonymous Coward on Friday November 14, @09:45AM (#25760145)

Tell my mother-in-law that.
Seriously. Some of these are scams, but there are also real genuine people getting married to real genuine people through weird international hookup things.

By Anonymous Coward? Sounds like one of these scammers found my comment! :-D

Re:GoogleAds should moderate themselves more. (1)

jonbryce (703250) | more than 5 years ago | (#25763965)

One of the sites I visit on a regular basis is a site called housepricecrash.co.uk . It is a site for people who think real estate is going to fall in price.

The google ads on that site are mostly for property investment clubs, which is the last thing their readers are going to visit.

Not evil enough (0)

Anonymous Coward | more than 5 years ago | (#25759779)

Sorry, this is just not evil enough, and looks more like an oversight. Post something about Microsoft instead if you want to post evil things companies do.

Re:Not evil enough (1)

postbigbang (761081) | more than 5 years ago | (#25760123)

No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.

Re:Not evil enough (1)

genner (694963) | more than 5 years ago | (#25760227)

No, it's an instance of blind push advertising. It's like a Coke sign in a crack house.

How is that blind?
Crack heads get thirsty too.

Re:Not evil enough (1)

postbigbang (761081) | more than 5 years ago | (#25760281)

They're not your more ideal customer....

Re:Not evil enough (1)

slash.duncan (1103465) | more than 5 years ago | (#25760675)

Hmm... within context, which Coke? =:^)

But really, as long as the customer isn't causing image problems for a company, most don't and shouldn't care /where/ their customers come from, or /what/ else they may do or buy or whatever.

And realistically, a Coke sign in a crack house is likely to have been ripped off from a bar or some such (maybe the bar tender was a customer and traded the Coke sign in for a hit?), or maybe somebody just thought it looked cool and bought it, like any of the other thousands of such signs folks have in their rec rooms or whatever. It's not like Coke likely had anything directly to do with it being there, other than licensing the use of its trademark to the sign maker and retailer, etc.

IOW, the Coke sign in the crack house is likely about as relevant as the Nike swish and the Just Do It logo (and yes, I'm aware of the double entendre, tho I noticed it /after/ I chose the example) on the addict's tee-shirt -- the one they pulled out of a bag left at the Goodwill or Salvation Army dropoff, or out of a dumpster they were diving in, looking for "recyclables".

Re:Not evil enough (1)

genner (694963) | more than 5 years ago | (#25761913)

IOW, the Coke sign in the crack house is likely about as relevant as the Nike swish and the Just Do It logo

Maybe if a nike sign was hung at the local brothel.....

Antivirus xp 2008 (1, Offtopic)

layingMantis (411804) | more than 5 years ago | (#25759879)

My roommate got that virus on his laptop. It's a P3 500Mhz, a little old and slow to run these kitchen sink firewall/antivirus programs that are out now.

I did get SpyHunter to identify the problems, which it did admirably. (you gotta pay for it to actually FIX the problem).

When you go into Safe Mode and try to delete some of the offending files, it STILL access denies you. I had to use Task Manager to stop the explorer shell altogether, then 'DEL' them from the command line. Once done I ran ole' trusty Autoruns to clean up.

I told him that virus is usually contracted from the bigger gay porn sites and he just looked sheepish.

Re:Antivirus xp 2008 (-1, Troll)

b3m87 (1176511) | more than 5 years ago | (#25759983)

Just call geeksquad next time. They will destroy the computer and force him to upgrade.

Re:Antivirus xp 2008 (0)

Anonymous Coward | more than 5 years ago | (#25761265)

I'm not sure why you're modded offtopic; my guess is some moderator didn't RTFA and therefore didn't realize you were actually discussing the article instead of the summary!

But no one ever clicks on the ads (3, Insightful)

Progman3K (515744) | more than 5 years ago | (#25759953)

So why worry?
At least this way the malware companies pay someone and end up infecting no one.

Seriously have YOU ever clicked on an ad?

I've put adwords on my site www.gentooxo.org thinking it would help me pay for the site's hosting and the bandwidth I use to distribute my customized-for-olpc linux distro but you know what? According to my stats NO ONE has ever clicked on an ad!
And that's after about two thousand visits to the site and maybe 200 downloads!

Here is my 'required by google' policy on the ads:
http://gentooxo.org/disclaimer.shtml/ [gentooxo.org]

So useless are the ads that I am thinking I will simply drop them...

Re:But no one ever clicks on the ads (0)

Anonymous Coward | more than 5 years ago | (#25760027)

I don't usually click on ads, but in your case, I suspect the lack of clicks is due to poor placement. They don't catch the eye -- at all.

Try embedding them in a block of text, or putting them in the header, or something.

Re:But no one ever clicks on the ads (3, Informative)

Progman3K (515744) | more than 5 years ago | (#25760075)

Try embedding them in a block of text, or putting them in the header, or something

Ah, but in the contract you must accept with Google, they explicitly forbid you to do anything to attract attention to the ads, which does sort of make sense...

All that and a poison apple, might as well remove the ads entirely.

Re:But no one ever clicks on the ads (1)

hansamurai (907719) | more than 5 years ago | (#25760251)

You can pretty much put them wherever you want as long as you don't go "HEY! CLICK ON THESE ADS!" Really, the only limitation they have is don't tell people to click them and don't put anything directly above the ad besides something like "Sponsored Links".

Re:But no one ever clicks on the ads (0)

Anonymous Coward | more than 5 years ago | (#25760071)

I have some ads on a shitty blog I set up just to see if you could "make money" with a blog (a while back I looked into a number of online money making scam, err, schemes).
I've never advertised it.
It has been running for 12 months. I now have 3k hits and "made" $2.34

Re:But no one ever clicks on the ads (1)

Progman3K (515744) | more than 5 years ago | (#25760155)

Must be your target-demographic...
Obviously (in my case) only geeks and nerds would visit (YAY Geeks and Nerds!)

In your case... You didn't say what your blog is about, it would be interesting to note the difference.

Re:But no one ever clicks on the ads (1)

repvik (96666) | more than 5 years ago | (#25760109)

There. You've got a click. Happy now?

Re:But no one ever clicks on the ads (1)

Progman3K (515744) | more than 5 years ago | (#25760215)

There. You've got a click. Happy now?

Not if you got infected.
Although Google does promise that they use your site's Google index rating to select the ads and in the case of GentooXO, that would mean things that have to do with the OLPC, so there is almost no chance malware writers would write ads for this segment...

I use ad-blocking techniques, so every time I check the site I see no ads at all but the few times I have seen it from someone else's computer, the ads DID seem targetted to the OLPC, which is sort of neat.

I didn't click on the ads though, that is another stipulation in the Google adwords contract, you must never click on your own ads.

Anyone here ever read the contract? It is really long!

Re:But no one ever clicks on the ads (1)

gad_zuki! (70830) | more than 5 years ago | (#25760193)

2k total visits? You need a lot more traffic to make use of ads. I would think something along the lines of 2k a day. Even then its not a lot.

Re:But no one ever clicks on the ads (2, Interesting)

ledow (319597) | more than 5 years ago | (#25760195)

I helped put Google Ad's on a site my brother runs... http://www.scoutingresources.org.uk/ [scoutingresources.org.uk]

We get enough money from the ad's to host the site (which has some pretty hefty bandwidth needs at the moment but we have a very charitable host who does us lots of favours) and run a couple of camps for the Scouts every year. The clickthrough ratio is the same as my own sites, about 0.30%, but the number of visitors means it's actually profitable. Of course, we get that amount of visitors but being useful, prevelant, having lots of information, and being around for nearly 10 years helps - however we have never paid to advertise it, on-line or off. As far as I know, we've never had an article in any big Scouting magazines or anything. Just local stuff and general Googling. We don't sell anything, we don't take bribes, we don't like to anything that we review/use (advertisers/sponsors are *clearly* marked as such). So I guess it's just the number of eyes that determine click-through's, than anything else. I haven't seen the statistics in a while but I'm pretty sure we get a thousand visitors an hour or something stupid like that, for as far as you can trust web-based metrics.

Ad's get clicked on. In fact, the last few times we've been approached by camping specialists to sponsor the site, it's been for much less than the Google ad's bring in on their own.

Re:But no one ever clicks on the ads (2, Interesting)

trongey (21550) | more than 5 years ago | (#25760249)

Progman3K,
Your target demographic is people who want something for free. Do you really expect them to click on ads for for stuff that costs money?

Re:But no one ever clicks on the ads (1)

hansamurai (907719) | more than 5 years ago | (#25760273)

I just added ads to my site and I've already paid for half of my hosting in about a week. I think the problem is your target demographic: Linux users. Most of them are obviously quite knowledgeable about things like Firefox, Adblock, Opera, Noscript, etc. My site kind of falls in between with video games. There are knowledgeable people and then there are just kids doing kid stuff.

Plus 2000 hits is not that much, click through ratio is really not that good for any site, your sample size is just not that big. But I did click an ad for you, so you just earned like 40 cents. Yay!

Re:But no one ever clicks on the ads (1)

maxume (22995) | more than 5 years ago | (#25760833)

Until teh Google reads this thread and cancels his account.

Re:But no one ever clicks on the ads (1)

hansamurai (907719) | more than 5 years ago | (#25763539)

It could happen, but he didn't outright ask anyone to click his ads. I still chose to do it myself, I actually saw one for O'Reilly and spent a few minutes there checking out their new stuff.

Re:But no one ever clicks on the ads (1)

maxume (22995) | more than 5 years ago | (#25763651)

When I go reward clicking, I try to click on ads for companies that look dubious or that I don't like.

I suppose I would also click on an ad for something I thought I might buy, but I tend to be a bit of tightwad, so that doesn't really come up.

Re:But no one ever clicks on the ads (1)

sukotto (122876) | more than 5 years ago | (#25760289)

Even though your project looks pretty cool, I'd be surprised to hear you get much traffic. And ad clickthroughs are small (even at the best of times)... like 1% of users will even LOOK at the ad. Of those, only a few percent will click.

What you describe is a teeny tiny micro-niche site. I mean, come on...
A do it yourself, operating system for a laptop that's not readily available to the general public?
(You might be able to buy one during the once-a-year buy-1-get-1 sale... and even then changes are good that you never actually received it).

Of course you didn't get any money :-)

Re:But no one ever clicks on the ads (1)

Progman3K (515744) | more than 5 years ago | (#25760345)

Bah, it doesn't matter!

I wasn't doing it for the money anyway.

I will remove the ads. Felt cheap putting them there to begin with.

For the record, my G1G1 OLPC was ordered in mid-November and was received in late January.

It has a defective keyboard (which I can fix) but otherwise it is a great little machine. I am just worried about playing around in there (my big hands) since it is the only unit I have.

Re:But no one ever clicks on the ads (1)

Actually, I do RTFA (1058596) | more than 5 years ago | (#25760905)

Seriously have YOU ever clicked on an ad?

No. And I never installed Gator or the Comet Cursor toolbar either.

it's like that with any media. (0)

Anonymous Coward | more than 5 years ago | (#25759981)

GO to the back of any magazine and you will inevitably find at least one questionable business. Even the main advertisements on the front can be questionable: Enron used to publish big colorful ads.

Advertisements and editorial content has always been a separate thing.

You have to be kidding (1)

Dishevel (1105119) | more than 5 years ago | (#25760175)

notthatwillsmith must be a reporter from NBC or somthing. Did you seriously write a big evil corporation story about 1 text ad? Then at the end you do the whole "Was this a one-time oversight?" thing. Good job on findiung and sensationalizing Nothing.

Re:You have to be kidding (0)

Anonymous Coward | more than 5 years ago | (#25760579)

Actually he's the editor-in-cheese of Maximum PC magazine, the site that the story links to.

And apart from a serious Peggle addiction, he's a pretty good guy.

Some badware (working) links in Google Shopping (0)

Anonymous Coward | more than 5 years ago | (#25760335)

http://www.google.com/products?q=powerbook+g3+lithium+ion+battery+M4685&btnG=Search+Products&show=dd&scoring=p

Still links to malware sites, it's a search for a powerbook g3 battery on google shopping... the $60.06 ones are all links to badware

Tech support - unsafe site my ass (0)

zakezuke (229119) | more than 5 years ago | (#25760497)

I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.

"You are infected with a malware that you picked up because of your browsing habits"

Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site. I actually had just updated my virus definitions (avast), and updated my firewall. My windows updates are not as up to date as they could be, which is rather why I ask which one takes care of this exploit?

The behavior was a forced reboot with no option to run cmd to abort it. After windows said something about not connecting to "all" network drives, which is odd as I don't have any network drives setup. Then the process "brastk.exe" appeared.

Re:Tech support - unsafe site my ass (2, Insightful)

slash.duncan (1103465) | more than 5 years ago | (#25760993)

I recently got infected with Antivirus 2008. Googling for a solution, mainly which windows exploit was used to get it on the system I found the following type of comments.

"You are infected with a malware that you picked up because of your browsing habits"

Yeah right, I got infected because of Google Ads, which can be found on many a mainstream site.

As they said, infected due to your browsing habits.

If you were running an ad blocker, you couldn't have been infected by an ad. It almost certainly required scripting, with a good chance it required cross-site scripting, as well. Thus, scripting off by default, regardless of your ad viewing preferences, would have stopped it in most cases, and even if you had that mainline site whitelisted, the malware site it tried to load stuff from would have fallen into the no-scripting default and thus would have been blocked.

Also, browsing habits could well be defined as inclusive of the platform you choose to browse from, and almost certainly would include your choice of browser. You don't here of so many getting infected running say firefox on MS, and even fewer running any of the even semi-common Linux platform browsers...

All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!

So yes, browsing habits, indeed. Just because they are common browsing habits doesn't make them /safe/ browsing habits.

Re:Tech support - unsafe site my ass (1)

zakezuke (229119) | more than 5 years ago | (#25762141)

All of those can be reasonably included in browsing habits, yet changing just one of them, one of adblocker, script-blocker, browser, browser-platform, would have likely made you immune. Change all four of them, still keeping in mind they all fit reasonably within the definition of browsing habits, and the chances of being infected by an ad that's blocked, requiring scripting that's turned off, targeting a browser you aren't running, on an OS that if you run at all, you don't consider secure enough to browse the web with, are practically nil!

I'm sure what is meant is "if you're going to search for vvarzz you're going to get infected". I could change my platform, I could run an ad blocker.

Browser, well, I got infected using firefox v2.0.0.18. I "should" update.

Google doesn't give a damn as long as they're paid (3, Insightful)

glindsey (73730) | more than 5 years ago | (#25760615)

You want proof? Google for "spybot" or for "adaware" and see how many deceiving pieces of malware are advertised in the sponsored links:

"spybot": 3 sidebar, 1 at the top.
"adaware": 3 at the top
"ad-aware": 1 sidebar, 1 at the top

I'm always sure to tell my friends and relatives the actual URL for Spybot S&D or LavaSoft because of these scamming low-lifes. I've reported them a half-dozen times to Google, gotten an automated response, and never seen a change.

NEWS FLASH (1)

Cowmonaut (989226) | more than 5 years ago | (#25760917)

News Flash: The Internet is a potentially dangerous place! There are bad things out there.

Is anyone particularly surprised that a business isn't actively trying to police it? That would be a huge sinkhole of money.

Oh and their anti-malware site protection on search results isn't perfect either. Occasionally stuff still slips through.

Nothing to see here, move along...

Google wants money (0)

Anonymous Coward | more than 5 years ago | (#25760985)

Google doesn't give a f*ck, i've seen it happen, not with malware sites but with an electronics store scam. They'd change their name every few months but they always had their google ads to lure customers. They "sold" high-end cameras, plasma tvs, whatever, for very low prices, never sending the items to the customers. Some people did warn Google; did Google care? No.

Slashdot Posting Known Spam Stories (1)

Colonel Korn (1258968) | more than 5 years ago | (#25761027)

It seems like half of the stories here are posted for us to go through the same gratuitous cycle. A halfway baseless article criticizes or praises a company that for some reason a lot of us like and a lot of us dislike. A lot of people post about the article proving that the company is evil. Other people respond and defend the company. A few posts on either side are reasonable and balanced. A few are reasonable and unbalanced. Most are just a big pile of poorly concealed flame. Then we repeat in 90 minutes with a new target.

I'm getting tired of criticizing Google, myself. I am not a fan of the company by any means, but what's the point of posting roughly the same hate cycle 3 times a week? Half of the more unique stories are even beginning to feel pointless to me now, since most of the discussions end up heading toward creationists, atheists, or a general left vs right (or libertarians vs. everyone) brawl.

Hey kdawson! (0)

Anonymous Coward | more than 5 years ago | (#25761317)

Quit posting rational, cautionary, suffices--how can we complain about that?

(Seriously, good reminder)

Other examples. Google still evil. (1, Troll)

Animats (122034) | more than 5 years ago | (#25761319)

That's not a lone example. Search with Google for "craigslist auto posting software". These are all paid Google ads:

  • "CL Posting Software www.adsoncraigs.com The worlds Best Selling CraigsIist software. Works with new CAPTCHA!"
  • "Craigs Works Must Try Us webtrafficus.com We do the work no software To Buy Best Service All Ads Guaranteed Up"
  • TopPost Inc. www.toppost.com The Leader in Posting Services 866-895-6888 -- info@toppost.com
  • Buy Craiglist accounts Phone verified accounts, hassle-free, only 4.95$/account . www.craigsup.com

We track the "bottom feeders" in Google AdWords over at SiteTruth. [sitetruth.com] We consider about 36% of Google's advertisers, out of a set of 20,000 ad domains, to be "bottom-feeders" - no visible business address, or we have other negative info. If you download AdRater, our Greasemonkey script for Firefox [sitetruth.com] , we rate the advertiser behind every Google ad you see and display a rating icon on top of the ad. (Yes, the plugin "phones home". It tells us lots of stuff about the advertiser, which we're interested in, and very little about the user's browsing, which we don't care about. The plugin is open source, so you can check this.)

With the information we have, it's painfully obvious that Google isn't picky about their advertisers. The example in the article is one of many, not a unique exception.

Google CEO Eric Schmidt was quoted last month as saying "The Internet is fast becoming a cesspool" [adage.com] Was he complaining, or boasting? Much of that is Google's doing.

to "do no evil," they should first check 'em out (1)

swschrad (312009) | more than 5 years ago | (#25761457)

and if the links go to EvilLand, send the deposit back, and notify SpamHaus and the other badware trackers.

Google isn't entirely innocent (2, Interesting)

lemur666 (313121) | more than 5 years ago | (#25762953)

A while back my credit card info was stolen and I first noticed it because of some suspicious charges.

What were the charges?

Google adwords. Several hundred dollars worth and all pointing to malware sites.

Clearly, the first for steps whomever stole my credit card info were to set up ads directing folks to sites that could potentially be used to infect more machines, steal more info, etc.

This was almost a year ago, so Google (at some level) has to know that this sort of thing is going on. And if it's still going on a year later, it must still be successful as a way to spread malware.

Not it's possible Google isn't doing anything about it because they think that if they start policing it, they may be exposed to more liability.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?