Google Advertisements Circulating Spyware
Julien Sobrier, Researcher at Zscaler was apprehensive about a suspicious advertisement announcing a free Flash Video player in Google Reader containing adware/spyware, as reported in news in HELP NET SECURITY on December 4, 2012.
Sobrier also claimed that the advertisement directs to downloading of a page for FoxTab FLV Player. The page contains a disclosure statement at the end that provides information of the scheme. It announces the user about the totally free offer of the product and also about other similar products at offer.
A click of the link provided along with the advertisement takes the user to a page with downloadable option, which repeatedly confirms the free offer in the advertisement. However, only at the end of the page, the disclosure statement reveals information about the bundle of other free offers clubbed with the free software.
The specified adware/spyware installs a toolbar all along with the player, unwrap several ports in the system, endeavors connecting with remote servers and further requests for a number of URLs from them.
An in-depth analysis of the executable provides further information about the intricacies of the packages that were downloaded and the port also opens up on the system.
The advertisement was revealed on the RSS feed of a security company, which is into security maintenance services of websites. This instance indicates the underlying insecurity of legitimate-looking websites. In other words, it is a signal to the inadvertent usage of websites inviting unwanted spyware in one's system. Even the most popular and trusted search engine, Google cannot claim 100% adware/spyware free content to the users.
Sobrier also reminded of a similar instance during which, popular search engine like Bing and Yahoo were also held for malware claims that were distributed through the same manner of advertisement. GFI Labs noticed these adverts that were prompting malware downloads including Firefox, Skype, and uTorrent and invigorates users towards clicking spurious link leading malware installation. Companies like Yahoo and Microsoft also alerted about the issue and promised to provide complete security of the same.
In this instance, Sobrier recommended users to be extra-conscious while downloading matter from websites, even it is from trusted third-parties, such as Google.
Related article: Google Rectifies Gmail flaw in Three Days
» SPAMfighter News - 12-01-2012