Google AdSense Used for Malvertising Campaign

[steven36]

Forbes and Good Housekeeping names leveraged in the campaign

Advertisements redirecting users to scam websites impersonating reputable magazines and blogs that touted shady health products have been spotted in Google’s AdSense program.

Researchers have discovered that at least two AdWords campaigns have been hijacked by cybercriminals who modified legitimate ads to take visitors to the scammy online locations.

Cybercriminals leveraged names of reputable sites

The malvertising campaign is believed to have started since at least the second half of December 2014, when the scammy domains hosting the fake pages were registered, but became more widespread since Friday, January 9, 2015.

Among the spoofed legitimate websites are Forbes, Good Housekeeping, and Fit Mom Daily, the pages being hosted in different sub-folders on lemode-mgz[.]com and consumernews247[.]com.

Users would be redirected to the fake pages upon clicking on a link or even when loading a new page. Denis Sinegubko of Sucuri says that the fake articles promoted skin care and anti-aging merchandise, IQ and brain enhancers, as well as weight-loss products.

Since these were presented from a seemingly reputable source, users would believe in the legitimacy of the products and thus engage in purchasing them.

To make matters worse, the fraudulent news pieces looked as if they were endorsed by celebrities and also included fake comments from individuals who allegedly witnessed the benefits of the promoted products.

Malicious banners identified by webmasters

The cybercriminal operation lasted for about a month because determining a bad ad delivered by a malvertising campaign is not too easy.

Ad networks function in a way that allows serving content on a website in accordance to various visitor parameters, such as geographical location, type of device used for online navigation or browser history, in order to deliver information relevant to the visitor.

As such, the same advertisements are not shown to all visitors of a website. Furthermore, ad networks rely on scripts that load content from different other partners.

Google solved the problem, but it seems that webmasters were faster at identifying the malicious banners. They used the Ad Review Center component in Google AdSense dashboard, which shows the ads that are to be displayed on their website.

The best part is that Ad Review Center presents the real ads, thus allowing their verification before they make it to the website.

The ad accounts causing the problem were found to be from an anonymous advertiser and from Blackburn ART.

“Both of them seem to be legitimate AdWords account with good looking relevant banners. I guess the scammers somewhow hijacked them — probably stole or guessed their credentials. Most likely those accounts didn’t have active campaigns at the moment. Otherwise their owners must have noticed the significantly increased activity,” Sinegubko said in a blog post.

Source