Security Watch | Matt Hines » Spammers gaming Google advertising

February 21, 2008 | Comments: (0)

Spammers gaming Google advertising

TAGS: Security

Security researchers at e-mail and DLP filtering specialist Proofpoint are reporting a new form of fraud being carried out over Google's online advertising network.

According to the experts, schemers are using spam messages designed to send traffic directly to specific banner ads they control via the Google AdWords program in a new method of tricking unsuspecting users into providing them with ill-begotten income.

The idea is that once someone clicks on such a link, many of which are being advertised as URLs representing legitimate online retailers or pornographic Web sites, the responsible parties simply collect the revenue they would garner if someone visiting a Web site they control could be convinced to click on such an ad.

Basically they're cutting out the middleman, or the need to create fake sites to drive clicks to their ads.

Google typically moves quickly to disable any ads on its network that are found to be abusive of its policies, which clearly forbid behavior such as that described by Proofpoint.

Company representatives didn't immediately respond to inquiries regarding the Proofpoint report.

Despite Google's continued efforts to eradicate opportunities for people to commit click fraud via its ad networks, Proofpoint execs said that the system is still rife with opportunities for misuse, even if the scams can only be carried out for short periods of time before the search giant sniffs them out and shuts down the related sites or banners.

Proofpoint said further that it has already observed spammers using generalized redirect URLs to generate income using AdWords. By modifying certain parts of the Google AdWords URLs the scammers attempt to redirect users to sites they control, not those being advertised in the ads.

In some cases, the URLs being seen by the company redirect people to malware-infested sites hosting Trojan-downloaders or botnet programs. In other cases they merely lead to other more general, spam-driven sites, Proofpoint said.

"The [AdWords] system is open to various types of abuse; [the banner ad spam is] a clever obfuscation technique as less sophisticated spam filters, seeing the Google.com URL might interpret the URL as being legitimate and don't filter the message as spam," said Rami Habal, director of product marketing at Proofpoint.

"Our team has been expecting spammers to start exploiting the AdWords system in these sorts of ways," he said. "We've already seen Google searches exploited in a similar way through 'I feel lucky' URLs, and [we] were a little surprised it took [fraudsters] this long to catch on."

Posted by Matt Hines on February 21, 2008 01:35 PM

RATE THIS ARTICLE: