Here’s more about Google Adsense delivering malware and malicious code

I wasn’t too far off the mark with my last post. It’s not unlikely that what was placed into our site by hacking during the small hours of Saturday morning was Google Adsense code: here’s an article entitled, ‘Google AdSense Potential Source of Malware’ at Resources for Life.
   While ours was more serious, because it involved hacking, Google’s openness and the lack of quality control by its partners (and by itself?) for its Adsense system is still problematic.
   It’s the age-old problem: you want to be more open, but with that comes a flood of less than scrupulous folks who take advantage of it.
   What jumped out at the Resources page was this:

How it Happens. Hackers write malicious program code into the ads. Maybe they submit legitimate code initially then change it for malicious code. Either way, those ads eventually get served up on your site. Either the ad javascript itself, or the places it takes your site visitors, or fake messages making your site visitor think their computer is infected. These ads violate the Federal Trade Commission laws on false advertising, but since everyone’s making money of[f] it, nobody complains.

   Well, not everyone’s making money. The publisher’s site gets blacklisted and it takes days for that to be lifted, so the earnings go down. Who gains? The hackers and Google.
   There’s something to be said sometimes about closing things off, especially if they are subject to abuse. The cited article dates from 2012, and a linked forum has posts going back to 2011, so these issues have gone on for some time. The latter makes for sobering reading, with quotations such as:

I recently was getting a daily notice where users were randomly getting malware warnings popping up on their browser when on my site. I shut off all Google Adsense and this immediately stopped.

I was too having a similar problem. Just the difference was that, the suspected cause was malicious Analytics Code. As soon as I removed, the entire problem was solved. Google must look into this as soon as possible.

I’ve reported this to them and posted in their help forums but they have been non responsive. It is definitely being delivered through Adsense and I suspect their ‘trusted 3rd party’ network.

   The other ad networks we deal with have done a better job with screening. Of the main ones we dealt with, I can only think of an incident back in 2007, with some fake Careerbuilder ads. Maybe we should turn the clock back—or the ad networks should insist that we not deal with certain parties.

You may also like

2 thoughts on “Here’s more about Google Adsense delivering malware and malicious code

Leave a Reply

Your email address will not be published. Required fields are marked *