Google puts a stop to Adsense malvertising campaign

A ‘widespread’ malicious advertising campaign that sent web browsers to fake websites imitating legitimate sites in order to sell weight loss, brain booster and skin care products has been stopped by Google, InfoWorld reports.

Computer Business Review reports that Forbes and Good Housekeeping were amongst the well known websites spoofed in the malvertising attack, alongside as ‘fake, but plausible’ websites. Each website would attempt to sell visitors everything from “health secrets” to wight loss and anti-aging products.

The adverts would appear on websites signed up to Google’s AdSense program, which posts relevant adverts alongside content to monetize sites. These malicious ads would automatically redirect a visitor’s browser to the spam websites.

The attacks began in mid-December, reaching their peak last Friday, but it appears Google has now taken action after being inundated with questions on the AdSense help forum, according to PC World.

Typically in malvertising campaigns, cybercriminals will put through a legitimate advert into the system, before substituting it for a malicious one once approved.

Before the campaign was eradicated by Google, some enterprising webmasters took to tracking down the malicious adverts themselves, via the AdSense control panel, which allows users to review ads for performance, and to block them if necessary. Webmasters looking through the control panel discovered they were still redirected, even when not on site, revealing which adverts were responsible for hijacking visitors.

Two campaigns were canceled by Google, but at this point it remains unclear whether the accounts themselves were malicious, or whether they had been taken over by cybercriminals for the malvertising campaign.

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.