Malvertising search ads can falsely display as legitimate official site


Post by barbaz »

https://www.reddit.com/r/GIMP/comments/ ... itself_as/

Wow. I know that malvertising search ads impersonating popular software is not a new issue, but this is the first I've heard of a malvertiser displaying the real software's real official site as a search ad that links to somewhere completely different.

Makes me wonder if intentionally unblocking/unhiding search ads is now a security danger. Or is there some general way to detect and single out this type of fake ad?

Re: Malvertising search ads can falsely display as legitimate official site

Post by therube »

Well, of course a NoScript user is "defended" by default (as JavaScript would be blocked on the malware site).
But, if the user is not paying attention, & allows JS (or if the download link didn't even require JS to download), well...

All of this has still left users puzzled as to why the Google ad showed 'GIMP.org' as the destination domain in the first place, when the ad actually took users to the fake 'gilimp.org' site.
...
Google lets publishers create ads with two different URLs: a display URL to be shown in the ad, and a landing URL where the user will actually be taken to.

The two need not be the same, but there are strict policies around what is permitted when it comes to display URLs, and these need to use the same domain as the landing URL.
...
It still isn't clear if this instance was a slip up caused by a potential bug in Google Ad Manager that allowed malvertising. BleepingComputer has approached Google for comment.
https://www.bleepingcomputer.com/news/s ... like-site/
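The display-URL versus landing-URL rule quoted above can be checked mechanically once both strings are known. The following is an added example, not code from either post or from the quoted article: it compares the registrable domain shown in an ad with the one the link resolves to, and flags near-miss lookalikes. The function names, the small suffix set and the URL paths are assumptions made for illustration; real use needs the full Public Suffix List and the final URL after any redirects.

```javascript
// Added example: compare an ad's display URL with its landing URL.
// MULTI_LABEL_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Return the registrable domain (public suffix plus one label) of a URL or bare host.
// URL parsing lowercases the host and converts IDN names to punycode, so a
// homograph of an ASCII domain never compares equal to it.
function registrableDomain(input) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input) ? input : "https://" + input;
  const host = new URL(withScheme).hostname.replace(/\.$/, "");
  if (/^[\d.]+$/.test(host) || host.includes(":")) return host; // IP literal: no domain
  const labels = host.split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Levenshtein distance, used to spot near-miss lookalike domains.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify an ad as "match", "lookalike" (different but close) or "mismatch".
function checkAd(displayUrl, landingUrl, maxDistance = 2) {
  const shown = registrableDomain(displayUrl);
  const actual = registrableDomain(landingUrl);
  if (shown === actual) return { verdict: "match", shown, actual };
  const close = editDistance(shown, actual) <= maxDistance;
  return { verdict: close ? "lookalike" : "mismatch", shown, actual };
}

// The pair reported in the article; the landing path is constructed.
console.log(checkAd("GIMP.org", "https://www.gilimp.org/download/"));
```

Anything other than "match" means the ad text cannot be trusted to say where the click goes; typing the known official address directly avoids the question.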