Make your PC run like new Tired of your unstable and crashing PC? Looking for a permanent solution for your dysfunctional XP? Don't compromise — get our new, state-of-the-art technology. Reimage requires no setup and causes no loss of data or applications. This is the ultimate professional repair tool, which works like "magic," according to eWeek. Get a free Reimage PC booster with every scan. Try it now! Reimage

Wake them up with Snagit Add any size PC images to your PowerPoint presentations in a snap. From something small to a page that scrolls, Snagit has you covered. Grab exactly what you want, when you want it, every time. Images make things more interesting and keep your audience engaged. Try it free today! Snagit

Learn to use MS Office like a pro Frustrated by MS Word? Excel just doesn't seem to add up? Feel powerless using PowerPoint and MS Outlook? Carol will explain it all for you in a clear and concise manner. Visit Carol's Corner Office, home of the Word Bytes Newsletter today, and subscribe! As an added bonus, when you become a member, you receive deep discounts on her top-selling books explaining the intricacies of MS Office. Carol's Word Bytes Newsletter

See your ad here

By Susan Bradley

The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.

Neither Bing nor Google effectively prescreens these bogus advertisers, so it's up to us to detect and avoid them.

You may recently have used either Google or Microsoft's new Bing search engine to find the popular Malwarebytes Anti-Malware utility. If so, chances are good that the sponsored ads alongside your search results contained links to the very malware that the security tool is designed to remove.

The three largest search sites — Google, Yahoo, and Bing — regularly sell security-related keywords to criminals looking to trick you into downloading and installing fake anti-malware products. The crooks then steal your personal information or hold your system for ransom before letting you remove their malware from your machine.

The search providers have been aware of this for years. To their discredit, they've done little to end the practice, even though it's in their power to do so. The reason? They're making money hand over fist from those sponsored text ads and don't want to kill the goose that lays the golden eggs.

Case in point: A Windows Secrets reader searched Bing for Malwarebytes Anti-Malware. He clicked the first link displayed and ended up on a site that installed a rogue antivirus program on his PC. (See Figure 1.)


Figure 1. Malicious sponsored ads are interspersed with links to legitimate companies when you query search engines for the Malwarebytes security program.

Rather than getting a tool to clean up a friend's infected computer, this Web surfer ended up having to disinfect his own. He and several other people I've heard from recently were hit with the result of search services' selling sponsored links without validating those links' legitimacy.

As search terms become popular, scammers jump at the chance to have their bogus ads appear among the results. To get their deceptive ads into these highly visible search results, these criminals simply buy these high-traffic terms from the search engines.

Big-name sites still serving up malicious ads

Another form of dangerous Web ads appears on otherwise legitimate sites.

WS contributing editor Scott Dunn described a year and a half ago in an April 17, 2008, Top Story infectious Flash ads that achieved space on well-known sites. I also reported on drive-by malware downloads in the June 11, 2009, Top Story. In the most-recent case, NYTimes.com and other established sites hosted malware-infested ads. The New York Times described the attack in a Sept. 14 article.

When malicious ads — or "malvertisements" — enter the rotation on these sites, your system may become infected if you merely view the page. This is especially true if your versions of media players based on Java, Flash, or QuickTime are out-of-date.

It's getting so bad that even top officials at Google acknowledge the problem, though they haven't yet taken steps to halt it. Eric Davis, head of anti-malvertising at Google, stated at the 2009 Virus Bulletin Conference that the industry needs to work together to combat this problem.

As reported by Dennis Fisher on Kaspersky Lab's Threat Post site, Davis called for the creation of an industry clearinghouse that would certify ad servers. Such an organization would allow all search vendors and other sites to use online-ad agencies without fear that a malicious ad would insert itself into rotation.

Microsoft has decided to use the courts as a weapon against malicious advertisers. A Sept. 18 Associated Press article posted on the MSNBC site states that the company is attempting to go after several suspicious ad vendors.

Even using Yahoo or a smaller search index won't prevent such attacks, because second-tier engines have been hit with malicious ads, too, as a Sept. 25 story by Deborah Hale on Incidents.org reported.

Ways to fight back against online attack ads

Following my investigation of the malicious ads on Bing, I contacted the Microsoft Security Response Center, which can be reached via secure at microsoft.com. Within a few days, the offensive ads were removed.

However, searching on the term malwarebytes combined with such words as virus and antivirus continued to return dubious destinations in Bing's sponsored-links section.

The same type of ads appears among Google results when you search on similar terms. Depending on the location you search from, you may see a link to Cyberdefender.com among the results. This company is listed on the hpHosts site as selling fraudulent software.

I reported this site to Google via a Web form on the Google site. But to date, no action has been taken to remove this and related malicious links.

Unfortunately, balancing the scales of justice takes time. What can you do in the meantime to help protect yourself from these malicious ads?

• Don't expect flawless protection from your Web browser of choice. Internet Explorer, Firefox, and other browsers now support bad-sites lists, but every malicious ad server may not be known. Nor are browser security add-ons perfect. McAfee SiteAdvisor, for instance, may include results that are up to one year old, as WS contributing editor Mark Edwards reported on Feb. 12, 2009.
  
  
• If you're not sure, verify the URL. Microsoft and Google have large payrolls, but the search giants don't employ literal armies to review ad submissions. If you're at all suspicious of an ad's legitimacy, check the URL via a service such as hpHosts, which tracks domain names that researchers have reported as malicious.
  
  
• Help vendors by reporting malicious advertisers. To report bogus ads on Google, e-mail security at google.com. This is likely to be more effective than reporting the site via the search giant's online form. If you discover malware purveyors advertising in Bing's results, e-mail secure at microsoft.com. Yahoo, however, offers only a Security Phishing Report Form.
  

Table of contents

PC got you spooked? Take a break Take a break from the everyday with Infopackets Windows Newsletter, delivered fresh to your e-mail inbox daily. Enjoy your morning cup of joe while catching up with the latest news about MS Windows, tech headlines, PC Tips, plus two freeware picks in every issue. Whether you're a new, intermediate, or pro user, you'll enjoy Infopackets — it's simple to read, fun, and a great way to start your day! Infopackets Windows Newsletter

Your old drivers are slowing down your PC Driver Detective provides the most up-to-date drivers specific to your computer, including all major-brand OEMs (Dell, HP, Compaq, Toshiba, etc.) and generic brands. We access a database of over 9.2 million device-associated drivers — the largest driver update database on the Internet. Driver Detective saves you endless hours of work and aggravation normally associated with updating drivers. Driver Detective

Get your message seen by 400,000 readers Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 400,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement. Take advantage of our all-new design interface, allowing larger images and longer text, and get updated stats in real time! Windows Secrets Newsletter

See your ad here

• "If any of your products have a limit on the number of times they can be installed with the same serial number, you might be denied permission to install them as part of a fresh install of Windows 7. Most of the time, there's nothing you can do about this. You just have to try the installation and hope that you're under the limit.
  
  "However, some software companies allow you to deactivate the serial number from your old computer and reactivate it when you reinstall. This keeps you under the limit. Adobe in particular does this. For example, in Adobe Acrobat Standard or Professional, you can go to Help, Activation and click Deactivate. By doing this, you'll stay under the limit and you'll be able to reinstall the product."
  

• "The Windows 7 Upgrade Adviser doesn't work for x64 XP.… My HP OfficeJet 7210 printer/scanner lacked any 64-bit drivers from the manufacturer. But as soon as I plugged it into Windows 7 x64, it connected to Microsoft, downloaded working drivers, and — for the first time since upgrading to a 64-bit OS — is once again fully functional."
  

• "When running Disk Cleanup, go to Advanced options (on Vista, select from all users on this computer) and delete Restore Points and Shadow Copies. Users may be surprised at how much space is taken up by System Restore data.
  
  "Along with unnecessary programs, uninstall all resident anti-malware applications: antivirus, antispyware, and third-party firewalls. Unless the user is running the very latest versions of these apps, they're likely not Windows 7-compatible. Even if they are, I would still remove them and reinstall them afterward.
  
  "These programs hook and monitor the system at a very low level, and there's a real chance they'll interfere with the upgrade. The system can be temporarily disconnected from the Internet until protection is reinstalled."
  

Table of contents

By Stephanie Small Who isn't sick of getting all that pesky spam? According to a recent report by the Onion, up to 90% of spam comes from the small East European country of Koy4Goff. The report claims that if these messages were blocked, the country would be virtually wiped off the map. But the Koy4Goffians aren't going down without a fight. Listen as this spam-addled country shares its hilarious reasons for why junk e-mails are an important part of society. It may just make you think twice before you delete those unwanted come-ons! (Warning: Coarse language.) Play the video

Table of contents

TOP STORY By Susan Bradley Sponsored search results lead to malware Big-name sites still serving up malicious ads Ways to fight back against online attack ads KNOWN ISSUES By Dennis O'Reilly More tips for avoiding Windows 7 upgrade bumps Other clutter to clean out prior to Windows 7 WACKY WEB WEEK By Stephanie Small Almost all spam traced to a single country

	LANGALIST PLUS By Fred Langa Make sure your private data's snoop-proof When your backup's stolen, your data's exposed RAM mix-up causes Blue Screen of Death Links within documents yield weird error Who's sneaking onto your Wi-Fi connection?
	WOODY'S WINDOWS By Woody Leonhard Free MS Security Essentials are worth trying Microsoft's new security suite in perspective Antivirus software vendors strike back Up close and personal with Security Essentials Security hath its price — even with freeware
	PERIMETER SCAN By Ryan Russell Take steps to secure your home network's router Start by changing the default password Make sure your router's firmware is up-to-date Altering your router's advanced options

	There's no fixed fee! Contribute whatever it's worth to you Readers who make a financial contribution of any amount by Oct. 14, 2009, will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we want as many people as possible to have this information.
	A portion of your support helps children in developing countries Each month, we send a full year of sponsorship to a different child. Your contributions in October are helping us to sponsor Joannah, a 5-year-old girl from the Philippines. Children International channels development aid from donors to Joannah and her community. We also sponsor kids through Save the Children and Plan USA. More info

More info on how to upgrade

Table of contents

• Visit our Unsubscribe page.
  

Table of contents