The popular Google AdSense program that supplies advertisement to most websites has become the latest victim of malware abuse. It has been reported that serious malvertising attacks were delivered on websites registered with Google’s AdSense program. Denis Sinegubko, senior malware researcher at Sucuri, wrote that advertisement banners placed by Google on AdSense registered websites re-directed web surfers to dubious websites which were marketing health care and weight loss products.
The fake websites were designed to look like reputable websites like Forbes, Good Housekeeping, The Doctors, Fit Mom Daily, etc. They look like magazines that show celebrity endorsements and exiting headlines about scientific researches, followed by lots of fake comments about how those products really helped someone.
Attackers inflict a successful Malvertising attack
Malvertising attacks have existed for a long time for online advertising companies. A common query could be how these attackers get registered with Google AdSense. The truth is that attackers escape from Google webmasters by submitting clean and non-malicious advertisements at the time of approval, which they later substitute with malicious ones.
Writing on the occurrence of Malvertising is, Denis Sinegubko said,
“Malvertising is a nasty problem. It’s hard to track. Because of ad targeting (e.g. location, mobile vs desktop, 3G vs Wi-Fi, web browsing history, etc), different users see different ads and different ad campaign are active in different time. Moreover, one third-party ad network script usually loads content from dozens of other partner networks and trackers behind the scenes”.
Google, on the other hand, confirmed that there could be lapses in the security and the system wasn’t 100% foolproof. Acknowledging the breach, Google moderators said in the AdSense support forum that they are working on to block malicious ads and apparently eliminated them over the weekend.
The fake sites detected were different subdirectories of lemode-mgz .com, consumernews247 .com, and previously wan-tracker .com. All links point to track .securevoluum .com/click – However, if you visit any of these sites directly, you will see nothing but empty pages. The domains for all these sites were registered about a month ago.
With malvertising attacks successfully infecting Google AdSense, there is a strong possibility that such attacks are already happening in other ad networks and site owners could have not realized the presence of malware.
