
Malvertising search ads can falsely display as legitimate official site

Posted: Tue Nov 01, 2022 2:32 am
by barbaz
https://www.reddit.com/r/GIMP/comments/ ... itself_as/

Wow. I know that malvertising search ads impersonating popular software is not a new issue, but this is the first I've heard of a malvertiser displaying the real software's real official site as a search ad that links to somewhere completely different.

Makes me wonder if intentionally unblocking/unhiding search ads is now a security danger. Or is there some general way to detect and single out this type of fake ad?

Re: Malvertising search ads can falsely display as legitimate official site

Posted: Wed Nov 02, 2022 4:20 pm
by therube
Well, of course a NoScript user is "defended" by default (as JavaScript would be blocked on the malware site).
But, if the user is not paying attention, & allows JS (or if the download link didn't even require JS to download), well...

All of this has still left users puzzled as to why the Google ad showed 'GIMP.org' as the destination domain in the first place, when the ad actually took users to the fake 'gilimp.org' site.
...
Google lets publishers create ads with two different URLs: a display URL to be shown in the ad, and a landing URL where the user will actually be taken.

The two need not be the same, but there are strict policies around what is permitted when it comes to display URLs, and these need to use the same domain as the landing URL.
...
It still isn't clear if this instance was a slip up caused by a potential bug in Google Ad Manager that allowed malvertising. BleepingComputer has approached Google for comment.
https://www.bleepingcomputer.com/news/s ... like-site/
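Added example (not code from the thread, from Google, or from BleepingComputer): a mechanical version of the check the first post asks for, applied to the display URL vs. landing URL distinction quoted above. Given an ad record with the text it displays and the href it links to, it extracts the domain the ad claims to be, unwraps the tracking redirect that ad clicks usually pass through, and flags the ad when the two registrable domains differ. The sample ads, the hostnames clicks.example and example.net, and the "dest" redirect parameter are constructed for the example; the registrable-domain approximation (last two labels, no Public Suffix List) is an assumption noted in the code.

```javascript
// Added example: not from the forum thread or BleepingComputer. It demonstrates
// the check the thread asks about: does the domain an ad DISPLAYS match the
// domain its link actually LANDS on? Sample ads and hostnames are constructed.

// Approximate the registrable domain as the last two DNS labels.
// Assumption: no Public Suffix List is available, so "bbc.co.uk"-style
// suffixes are not handled; a production check would consult the PSL.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Pull a hostname out of the visible "display URL" text of an ad, e.g.
// "GIMP.org", "https://www.gimp.org/downloads", "www.gimp.org › downloads".
// Requires an alphabetic TLD so version strings like "2.10" are not taken
// for hostnames. Returns null when the text shows no domain at all.
function displayedHost(displayText) {
  const m = displayText.match(/(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})/i);
  return m ? m[1].toLowerCase() : null;
}

// Ad clicks usually go through a tracking redirect whose query string carries
// the real destination. Follow any query parameter that parses as an http(s)
// URL, a few levels deep, and return the final hostname.
function landingHost(href, depth = 3) {
  let url;
  try { url = new URL(href); } catch { return null; }
  if (depth === 0) return url.hostname;
  for (const value of url.searchParams.values()) {
    if (/^https?:\/\//i.test(value)) {
      const inner = landingHost(value, depth - 1);
      if (inner) return inner;
    }
  }
  return url.hostname;
}

// Compare displayed vs. landing domain for one ad record {display, href}.
// verdict: "consistent", "MISMATCH", or "unknown" (no domain shown / bad href).
function checkAd(ad) {
  const shown = displayedHost(ad.display);
  const target = landingHost(ad.href);
  if (!shown || !target) return { ...ad, verdict: "unknown" };
  const shownDomain = registrableDomain(shown);
  const targetDomain = registrableDomain(target);
  return {
    ...ad,
    shownDomain,
    targetDomain,
    verdict: shownDomain === targetDomain ? "consistent" : "MISMATCH",
  };
}

// Constructed sample ads (not real ad markup). The second one mirrors the case
// in the thread: the ad shows "GIMP.org" but sends the user to gilimp.org.
const SAMPLE_ADS = [
  { display: "https://www.gimp.org/downloads", href: "https://www.gimp.org/downloads/" },
  { display: "GIMP.org", href: "https://gilimp.org/" },
  {
    display: "www.gimp.org › downloads",
    href: "https://clicks.example/track?id=42&dest=" + encodeURIComponent("https://www.gimp.org/"),
  },
  { display: "Download here", href: "https://example.net/setup.exe" },
];

function flagMismatches(ads) {
  return ads.map(checkAd).filter((r) => r.verdict === "MISMATCH");
}

// In a browser you would feed it the page's anchors instead, e.g.
//   Array.from(document.querySelectorAll("a[href]"))
//        .map((a) => ({ display: a.textContent, href: a.href }))
// Caveat: the display URL may sit in a sibling element rather than in the
// anchor text; where it lives depends on the search engine's markup.
for (const r of SAMPLE_ADS.map(checkAd)) {
  console.log(r.verdict, r.shownDomain, "->", r.targetDomain, r.href);
}
```

The check is deliberately indifferent to how the ad is styled: it only asks whether the site the user is shown and the site the click resolves to share a registrable domain, which is exactly the property the quoted policy says should hold. An ad whose display text carries no domain at all gets "unknown" rather than a pass, since there is nothing to verify.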