Windows Secrets


Windows Secrets Newsletter • Issue 217 • 2009-10-08 • Circulation: over 400,000


Table of contents 
  • Top Story: Sponsored search results lead to malware
  • Known Issues: More tips for avoiding Windows 7 upgrade bumps
  • Wacky Web Week: Almost all spam traced to a single country
  • LangaList Plus: Make sure your private data’s snoop-proof
  • Woody's Windows: Free MS Security Essentials are worth trying
  • Perimeter Scan: Take steps to secure your home network’s router

 
Top Story

Sponsored search results lead to malware

By Susan Bradley

The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.

Neither Bing nor Google effectively prescreens these bogus advertisers, so it’s up to us to detect and avoid them.

You may recently have used either Google or Microsoft’s new Bing search engine to find the popular Malwarebytes Anti-Malware utility. If so, chances are good that the sponsored ads alongside your search results contained links to the very malware that the security tool is designed to remove.

The three largest search sites — Google, Yahoo, and Bing — regularly sell security-related keywords to criminals looking to trick you into downloading and installing fake anti-malware products. The crooks then steal your personal information or hold your system for ransom before letting you remove their malware from your machine.

The search providers have been aware of this for years. To their discredit, they’ve done little to end the practice, even though it’s in their power to do so. The reason? They’re making money hand over fist from those sponsored text ads and don’t want to kill the goose that lays the golden eggs.

Case in point: A Windows Secrets reader searched Bing for Malwarebytes Anti-Malware. He clicked the first link displayed and ended up on a site that installed a rogue antivirus program on his PC. (See Figure 1.)

Figure 1. Malicious sponsored ads are interspersed with links to legitimate companies when you query search engines for the Malwarebytes security program.

Rather than getting a tool to clean up a friend’s infected computer, this Web surfer ended up having to disinfect his own. He and several other people I’ve heard from recently were hit with the result of search services’ selling sponsored links without validating those links’ legitimacy.

As search terms become popular, scammers jump at the chance to have their bogus ads appear among the results. To get their deceptive ads into these highly visible search results, these criminals simply buy these high-traffic terms from the search engines.

Big-name sites still serving up malicious ads

Another form of dangerous Web ads appears on otherwise legitimate sites.

A year and a half ago, in an April 17, 2008, Top Story, WS contributing editor Scott Dunn described infectious Flash ads that achieved space on well-known sites. I also reported on drive-by malware downloads in the June 11, 2009, Top Story. In the most recent case, NYTimes.com and other established sites hosted malware-infested ads. The New York Times described the attack in a Sept. 14 article.

When malicious ads — or “malvertisements” — enter the rotation on these sites, your system may become infected if you merely view the page. This is especially true if your versions of media players based on Java, Flash, or QuickTime are out-of-date.

It’s getting so bad that even top officials at Google acknowledge the problem, though they haven’t yet taken steps to halt it. Eric Davis, head of anti-malvertising at Google, stated at the 2009 Virus Bulletin Conference that the industry needs to work together to combat this problem.

As reported by Dennis Fisher on Kaspersky Lab’s Threat Post site, Davis called for the creation of an industry clearinghouse that would certify ad servers. Such an organization would allow all search vendors and other sites to use online-ad agencies without fear that a malicious ad would insert itself into rotation.

Microsoft has decided to use the courts as a weapon against malicious advertisers. A Sept. 18 Associated Press article posted on the MSNBC site states that the company is attempting to go after several suspicious ad vendors.

Even using Yahoo or a smaller search index won’t prevent such attacks, because second-tier engines have been hit with malicious ads, too, as a Sept. 25 story by Deborah Hale on Incidents.org reported.

Ways to fight back against online attack ads

Following my investigation of the malicious ads on Bing, I contacted the Microsoft Security Response Center, which can be reached via secure at microsoft.com. Within a few days, the offensive ads were removed.

However, searching on the term malwarebytes combined with such words as virus and antivirus continued to return dubious destinations in Bing’s sponsored-links section.

The same type of ads appears among Google results when you search on similar terms. Depending on the location you search from, you may see a link to Cyberdefender.com among the results. This company is listed on the hpHosts site as selling fraudulent software.

I reported this site to Google via a Web form on the Google site. But to date, no action has been taken to remove this and related malicious links.

Unfortunately, balancing the scales of justice takes time. What can you do in the meantime to help protect yourself from these malicious ads?
  • Don’t expect flawless protection from your Web browser of choice. Internet Explorer, Firefox, and other browsers now support bad-sites lists, but not every malicious ad server may be known. Nor are browser security add-ons perfect. McAfee SiteAdvisor, for instance, may include results that are up to one year old, as WS contributing editor Mark Edwards reported on Feb. 12, 2009.

  • If you’re not sure, verify the URL. Microsoft and Google have large payrolls, but the search giants don’t employ literal armies to review ad submissions. If you’re at all suspicious of an ad’s legitimacy, check the URL via a service such as hpHosts, which tracks domain names that researchers have reported as malicious.

  • Help vendors by reporting malicious advertisers. To report bogus ads on Google, e-mail security at google.com. This is likely to be more effective than reporting the site via the search giant’s online form. If you discover malware purveyors advertising in Bing’s results, e-mail secure at microsoft.com. Yahoo, however, offers only a Security Phishing Report Form.
I do hope that Google, Microsoft, and Yahoo can put their differences aside and correct this situation. In the meantime, be careful when you search and be suspicious of sponsored links. Too many of them are fictitious these days — and dangerous.
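
One way to automate the URL check suggested in the list above, as an added example (not code from the original article or from hpHosts): it assumes a blocklist saved locally in standard hosts-file format, and the sample entries are constructed, using reserved .example names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in hosts-file format. The domains are made up
# (reserved .example names), not entries from any real blocklist.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
127.0.0.1  localhost
127.0.0.1  fake-antimalware.example
0.0.0.0    ads.rogue-scanner.example   # inline comment
127.0.0.1  Download.Bogus-AV.example
"""

def parse_hosts_blocklist(text):
    """Return the set of lowercase hostnames listed in hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or malformed line
        # fields[0] is the sink address; the rest are hostnames.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain"):
                blocked.add(name)
    return blocked

def hostname_of(url):
    """Extract the real hostname from an ad URL, with or without a scheme."""
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "http://" + url
    try:
        # .hostname ignores any "user@" prefix and the port, so text
        # placed before an "@" is never mistaken for the destination.
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.lower().rstrip(".")

def check_url(url, blocked):
    """Return (verdict, matched_name) for a URL against the blocklist.

    "listed"        - the hostname itself is on the list
    "parent-listed" - a parent domain of the hostname is on the list
    "not-listed"    - no match; this is NOT proof the site is safe,
                      since not every malicious host is known
    "invalid"       - no hostname could be extracted
    """
    host = hostname_of(url)
    if not host:
        return ("invalid", None)
    if host in blocked:
        return ("listed", host)
    labels = host.split(".")
    # Walk up the parent domains, stopping before the bare TLD.
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in blocked:
            return ("parent-listed", parent)
    return ("not-listed", None)

if __name__ == "__main__":
    blocked = parse_hosts_blocklist(SAMPLE_BLOCKLIST)
    for ad in ("http://www.fake-antimalware.example/scan",
               "http://legit-vendor.example@fake-antimalware.example/",
               "legit-vendor.example/download"):
        print(ad, "->", check_url(ad, blocked))
```

A "not-listed" result only means the host is absent from the copy of the list you checked; treat it as one signal alongside the other precautions above.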

UPDATE 2009-10-15: The Oct. 15 Known Issues column describes temporary disappearance and subsequent reappearance of malware ads in Google’s sponsored links. The column also presents reader suggestions for preventing sponsored ads from appearing in search results.


Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

 
Known Issues

More tips for avoiding Windows 7 upgrade bumps

By Dennis O’Reilly

For most PC users, the migration to Microsoft’s new version of Windows will go smoothly — with a little preparation.

Spending a few minutes getting your system ready before you insert that Windows 7 installation disc may save you hours of troubleshooting and repair afterward.

The countdown to Microsoft’s official Windows 7 launch to consumers on Oct. 22 has begun. As WS contributing editor Scott Spanbauer described in his Oct. 1 Top Story, taking some time to prep your system prior to the upgrade can go a long way toward ensuring a fruitful Win7 experience.

In addition to Scott’s pointers, our readers know of one or two other tips you can add to your Win7 upgrade preparations. Tom Rosania points out one way to avoid applications that won’t activate:
  • “If any of your products have a limit on the number of times they can be installed with the same serial number, you might be denied permission to install them as part of a fresh install of Windows 7. Most of the time, there’s nothing you can do about this. You just have to try the installation and hope that you’re under the limit.

    “However, some software companies allow you to deactivate the serial number from your old computer and reactivate it when you reinstall. This keeps you under the limit. Adobe in particular does this. For example, in Adobe Acrobat Standard or Professional, you can go to Help, Activation and click Deactivate. By doing this, you’ll stay under the limit and you’ll be able to reinstall the product.”
A reader who goes by the name Alrock discovered a couple of quirks when he used Microsoft’s Windows 7 Upgrade Advisor:
  • “The Windows 7 Upgrade Advisor doesn’t work for x64 XP.… My HP OfficeJet 7210 printer/scanner lacked any 64-bit drivers from the manufacturer. But as soon as I plugged it into Windows 7 x64, it connected to Microsoft, downloaded working drivers, and — for the first time since upgrading to a 64-bit OS — is once again fully functional.”
Yes, sometimes Microsoft gets it right. Let’s hope that’s not the last time we say that in reference to Windows 7. By the way, you can download the Windows 7 Upgrade Advisor beta from Microsoft’s Get Windows 7 page.

Other clutter to clean out prior to Windows 7

Scott’s article listed several areas to clean prior to upgrading Vista to Windows 7. But Victor Sacco would like to add a couple of nooks and crannies to the list:
  • “When running Disk Cleanup, go to Advanced options (on Vista, select from all users on this computer) and delete Restore Points and Shadow Copies. Users may be surprised at how much space is taken up by System Restore data.

    “Along with unnecessary programs, uninstall all resident anti-malware applications: antivirus, antispyware, and third-party firewalls. Unless the user is running the very latest versions of these apps, they’re likely not Windows 7-compatible. Even if they are, I would still remove them and reinstall them afterward.

    “These programs hook and monitor the system at a very low level, and there’s a real chance they’ll interfere with the upgrade. The system can be temporarily disconnected from the Internet until protection is reinstalled.”
Here’s hoping your Windows 7 adventure gets off to a smooth start.

Readers Tom, Alrock, and Victor will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

 
Wacky Web Week

Almost all spam traced to a single country

By Stephanie Small

Who isn’t sick of getting all that pesky spam? According to a recent report by the Onion, up to 90% of spam comes from the small East European country of Koy4Goff. The report claims that if these messages were blocked, the country would be virtually wiped off the map.

But the Koy4Goffians aren’t going down without a fight. Listen as this spam-addled country shares its hilarious reasons for why junk e-mails are an important part of society. It may just make you think twice before you delete those unwanted come-ons! (Warning: Coarse language.)

 
LangaList Plus

Make sure your private data’s snoop-proof

By Fred Langa

Why let data thieves mine your personal files and backups when you can encrypt them quickly and simply — without spending a dime?

Free, high-quality, disk-encryption tools make all your files and backups totally unreadable by anyone — except you!


When your backup’s stolen, your data’s exposed

Sam Stamport had a nightmarish problem:
  • “I was the unfortunate victim of a burglary a few days ago. Fortunately, I wasn’t home when it happened, so I’m OK. But a portable hard drive with my backup data on it was stolen. The computer itself was not stolen, thank goodness! The police said the thief probably saw the portable hard drive and thought it was an iPod.

    “I got to thinking about how to protect my private data on a portable hard drive and how to protect the data on my computer’s hard drive. I know I can set a login password in Vista, but are there other steps one can take if a computer or portable hard drive is stolen, to prevent thieves from accessing data on the hard drives?”

Yes, there are, Sam. You’ve already taken the first step by letting Windows’ basic, built-in security do its job. Make sure each user account on the system is protected by a strong password. A PC with no sign-in password is like a car with the keys in the ignition. See WS contributing editor Becky Waring’s Aug. 6 Top Story for tips on crafting strong passwords.

Most PCs and laptops also let you set a power-on password as a BIOS setup option. This is a hardware password that’s active the moment the PC wakes up, before Windows — or any other OS — even starts to boot. Check your owner’s documentation for the way to do this on your system.

However, a thief could bypass the boot-up password by removing your PC’s hard drive from its enclosure and installing it into another system. For maximum security, you need to encrypt your files. There are two simple ways to do this, and a near-infinitude of more-complex ways.



 
Woody's Windows

Free MS Security Essentials are worth trying

By Woody Leonhard

Fast, full-featured, and free, Microsoft’s new security suite is drawing accolades from experts and howls of agony from competitors.

If you’re tired of your bloated and expensive security suite exhorting/extorting you for more money — and you can’t stomach the way free AV products try to scare you into paying — it’s time to try something new and better from an unexpected source.


Microsoft’s new security suite in perspective

Last week, the ‘Softies released the final version of Microsoft Security Essentials (MSE). The initial reports are remarkably upbeat, particularly for a Microsoft product labeled “version 1.0.”

MSE takes over antivirus and antispyware duties while tossing in antirootkit features for good measure. If you have Windows Defender installed — Defender is a separate download for XP but comes with Vista and Windows 7 — MSE zaps it. There’s no need for Defender if MSE is running.

On its Security Essentials page, Microsoft provides downloads for 32-bit XP, 32- and 64-bit Vista, and 32- and 64-bit Windows 7. The correct version for your system will be selected automatically. Note, however, that there’s no MSE version for 64-bit XP.

In order to install MSE, your PC has to pass Microsoft’s Windows Genuine Advantage validation hurdle. (You’ve gotta wonder at how many bots out there are running on pirated copies of Win XP, which can’t get MSE and other Microsoft updates.)



 
Perimeter Scan

Take steps to secure your home network’s router

By Ryan Russell

A lot of people tend to think of their home network gateway as a fire-and-forget device, but unfortunately, that’s not the case.

Whether you call it a router, firewall, NAT box, wireless access point, or modem — your network connection needs to be correctly configured and patched, just like every other computer you own.


Start by changing the default password

The very first step to securing your hardware gateway — let’s just call it a “router” for simplicity’s sake — is to change the device’s default administrative password. The factory default passwords are all well known and usually no more complicated than “admin” or “password.” To see a list of default network passwords, visit the community-maintained Default Password List I helped initiate many years ago.

There are dozens of router models and nearly as many different software interfaces for them. They share some common themes, however.

For example, almost all router interfaces are Web-based: you enter the device’s IP address in your browser’s address bar and press Enter. There’s an excellent chance the router’s address is either 192.168.0.1 or 192.168.100.1. To find the IP address for your router, click Start, All Programs, Accessories, Command Prompt. Next, type ipconfig /all and press Enter.

I use D-Link’s Wireless G Router WBR-1310. To sign in to my router’s administrative settings, I open http://192.168.0.1 in my browser. I already have a custom password set for my admin user, so I enter that password. (The first time you sign into your router’s settings, you’ll use the device’s default password, which you’re about to change.)



YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
