Archive for the 'SiteAdvisor' Category

 

Drive-by Downloads

Sep 30, 2008 in Malware, SiteAdvisor, Trojan, Virus

 

In this September memo to staff, I try to nudge them further toward actually thinking about what it means to use a computer, and take some responsibility for their actions.

Using the convenient and authoritative hook of the Sophos newsletter, I select the dramatic item about the fake Norton antivirus download because 1) it has a dramatic and easily-digested video 2) I get to nag them about SiteAdvisor, the greatest thing since search engines 3) a friendly slap on the wrist of those who keep trying to fix their PC without telling us.

—————————- 

To Company Staff

Our security vendor Sophos, in their latest newsletter, warns of the risk in downloading anti-virus software from an “uninformed” or casual search on the Internet.

A Sophos video demonstration shows the extraordinary effort attackers make to present their Trojan-infected software as legitimate. Before viewing the video (links provided at bottom) please keep in mind two important points:

1.  In the Sophos video, their Google search lacks SiteAdvisor ratings that identify known bad websites.

Google paid advertisements (sponsored listings at the top and right-side of Google search results) regularly contain websites that can only be described as criminal, which suggests Google accepts “dirty” money even though they have the technology to filter their advertising.

Be aware that you cannot trust advertisers even though they appear in a Google-sponsored listing.

This screenshot shows, as many of you know, how a SiteAdvisor-filtered Google (MSN, or Yahoo) search page appears. Note the red SiteAdvisor icon in the paid listing at right, in the screenshot below:

image

The McAfee popup mentions “11 red downloads.”

A “red download” presents as legitimate software but contains a virus or Trojan to damage your computer (for the fun of it), steal information (business-related, banking, or personal ID), or use your PC to attack others (a zombie!). When installed it might appear to progress normally, while secretly installing malicious programs. And if nothing appears to happen, rest assured, something did.

SiteAdvisor is a free download from http://www.siteadvisor.com/download/ie.html (a known valid program from McAfee) that is installed on most company computers. You should install the free version on your home & personal PCs.

2. We have found that malicious software masquerading as “free antivirus” installed by staff (with the best of intentions) on our computers is the most difficult and time-consuming to remove.

If you believe your computer is infected, please confirm the Sophos shield is visible - on screen at bottom-right, near the clock - and does not display a red cross.

If it is missing, or displays as shown below, please send a ticket to “helpdesk@ourcompany.com.au” stating in the subject your name and “Sophos issue” with optional details in the message body.

image

Now to the Sophos newsletter and direct video link:

Free Norton AntiVirus? Take care over those Google ads
Internet users should be on their guard about downloading fake anti-virus products, following the discovery of malicious Trojan software that poses as a free copy of Norton AntiVirus 2008.
Google adverts are being presented to Internet users who search for “free antivirus”, leading them to a professional-looking website that claims to offer an anti-virus product for download.
Learn more about this threat at the Sophos blog:
http://www.sophos.com/blogs/gc/g/2008/09/23/free-norton-antivirus

Direct to video:

http://www.viddler.com/explore/SophosLabs/videos/22/

———————————————–
Regards,
IT Team

Pursuant to ‘Missing Codecs’

Jun 18, 2008 in Google, Google Adwords, SiteAdvisor, Trojan

Reviewing the previous post on ‘missing codecs,’ the advertisements I authorize Google to insert in the right-side columns of my pages got me wondering.

Tempted, were you, to click those little blighters and bring me a few cents? And if you had, to where upon the web would I have dispatched you, my innocents?

I have no idea, wherein lies a huge issue for we who try to run "respectable Internet websites."

dww-screenshot-adwords-1

Image above: Screenshot of article on missing codecs. At right, Google Adwords lists advertisers who paid for keywords prominent in the article, like "codecs" and "media player."

Below is a screenshot of the advertisers on that captured page.

dww-screenshot-adwords-1a

Dirty money?

You might be surprised that Windows Live, Yahoo! and Google SERPS (search engine results pages) are blind to dirty money.

Despite all the sophisticated scam filters and fraud detectors to stop me ripping them off a few cents ("click-fraud") they quietly take money from criminal advertisers, listing them prominently among the sponsored results when you search for information.

And it surprises even me that Google Adwords (and, presumably the other two) run advertisements for criminal websites - and display this malicious content as paid-for advertisements on MY websites.

Let me evaluate the adverts at left using simple methods: powers of observation and McAfee’s SiteAdvisor.

Note, too, that I can’t click my own Adwords links (that is click-fraud) so I must right-click and copy the shortcut, paste into Notepad, and read the destination web address amongst all the tracking code.

I then visit that website and evaluate it from experience.

More scientifically, I call in the big guns from McAfee to rate it based on their testing.

My web browser has the free and powerful SiteAdvisor installed. This miraculous plugin warns me of dangerous or dubious websites, both when I visit them OR review them in a results page from a search engine.

SiteAdvisor.  Get it. Install it. Start with the free version.

OK, let’s run through the 5 ads listed above.

1. MediaPlayer.Softwarez-Depot.oc

What the?

I’m still wondering what a ".oc" domain suffix is. It resolves to .com and that’s a worry. If I tried a non-kosher URL in my Adwords, Google would spit it out quick smart. Feedback welcome.

These folk don’t show up on SiteAdvisor’s radar. A gray icon means it is relatively new on the web and McAfee hasn’t tested it.

2. DownloadPCDriversUpdates.com

The destination site is not necessarily the one shown. That’s quite normal, as it’s often a redirect to the vendor’s website, the advert being placed by an affiliate.

However, when clicked this advert takes you to www.hypertracker.com which SiteAdvisor declares in no uncertain terms is a "red downloads" website. The advertiser’s printed address is OK, but you don’t go there; you are redirected to a website offering dangerous downloads.

In our tests, we found downloads on this site that some people consider adware, spyware or other potentially unwanted programs.

Go read more and please be afraid. Two downloads identified by McAfee were Trojan variants of "Downloader.ab". Click the link to read the McAfee page reporting on hypertracker.com:

http://www.siteadvisor.com/sites/hypertracker.com?ref=safe&client_ver=FF_26.6_6268&locale=en-US&premium=false&client_type=FF&aff_id=0

** NOTE **

The advertised (printed) URL, DownloadPCDriversUpdates.com, when entered in a browser, takes one to optimize-my-pc.com, a McAfee green zone.

Yet clicking the ad whisks you off to the dark side.

Confusing, huh? Dangerous, huh?

PS: View http://www.siteadvisor.com/sites/optimize-my-pc.com/ and note reviewer comment down page.

3. avs4you.com

The advert takes you directly to AVS4YOU.com. And McAfee gives them the green light:

We tested this site and didn’t find any significant problems.

4. pcpowerguide.com

These dudes take me straight to themselves with a green McAfee light.

5. pcsweeper.net

Despite the same headline as 4, not uncommon, I’m off instead to their home site, also a McAfee green zone.
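
The mismatch described under DownloadPCDriversUpdates.com above (printed address versus where the click actually goes) can be checked without clicking, by reading the destination out of the copied shortcut. This is an added example, not part of the original post: the ad-server host, the `dest` parameter and every `.example` domain are constructed, and the host comparison is a simplification with no public-suffix handling. It sees only destinations embedded in the link itself, not redirects issued later by a server.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample: a click-tracking link whose landing page is
# double percent-encoded in a hypothetical "dest" parameter.
SAMPLE_CLICK = ("http://adserver.example/click?id=42&src=codecs"
                "&dest=http%253A%252F%252Fwww.tracker.example%252Fget%253Faff%253D7")


def _host(url):
    """Lower-cased hostname without a leading 'www.' ('' if there is none)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def embedded_destinations(click_url, depth=3):
    """Return http(s) URLs carried inside the query parameters of click_url.

    parse_qsl decodes each value once; redirectors often encode the landing
    page more than once, so keep decoding up to `depth` further times.
    """
    found = []
    for _name, value in parse_qsl(urlsplit(click_url).query):
        for _ in range(depth):
            if value.lower().startswith(("http://", "https://")):
                break
            value = unquote(value)
        if value.lower().startswith(("http://", "https://")):
            found.append(value)
            # A destination may itself be another redirector link.
            found.extend(embedded_destinations(value, depth))
    return found


def check_ad(display_url, click_url):
    """Compare the advert's printed address with each embedded destination."""
    shown = _host(display_url if "//" in display_url else "//" + display_url)
    results = []
    for dest in embedded_destinations(click_url):
        host = _host(dest)
        same = host == shown or host.endswith("." + shown)
        # A mismatch is a prompt to look closer, not a verdict: affiliate
        # adverts legitimately land on a vendor's own domain.
        results.append((host, "match" if same else "MISMATCH"))
    return results


if __name__ == "__main__":
    for host, verdict in check_ad("DownloadDrivers.example", SAMPLE_CLICK):
        print(f"printed: DownloadDrivers.example  lands on: {host}  -> {verdict}")
```
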

Advertisers 6 to 10

You might not have noticed but Google Adwords now offer up/down arrows at top right of the ad box. Of the next 5 advertisers, 4 were deemed respectable by SiteAdvisor and one was ‘not tested yet’.

That one, http://media-playerz.com, initially seemed a professional-looking website pushing free software (QuickTime 7.4) but for the download you must complete an online form.

It became confusing reading the fine print. The site was hastily written. For example, the benefits of signing up:

Your membership is backed by a 7 day satisfaction guarantee.

Signup now and join the millions of users that download files on the Internet.

Get 3 Years Unlimited Software Download & Support ONLY $11.98/year

2 Years Full & Unlimited Access for only $15.88/year

1 Year Full & Unlimited Access for only $19.95

Give me XP Tools to make my computer & Internet faster for only $1.49/Month

Give me the latest updates, newest releases & unlimited live technical support-only $9.88 per month

My head hurts .. it gets dearer for less, or is that a yearly rate? Trying all links on media-playerz.com found broken ones and a lack of depth. Looks like a cardboard mockup.

Anyway, I’m not giving Visa details to a SiteAdvisor-unknown zone, just for starters. Especially one that baits me with software freely available elsewhere and makes me jump through hoops to get it.

Conclusion?

Google** takes money from advertisers who offer malicious software for download - Trojans, to put it bluntly - and run their dirty advertisements on MY website which is trying to warn you to beware of Trojans.

(** Yahoo and Microsoft contextual advertising would presumably also act like Google. I do not run their ‘adwords’ so cannot confirm).

Soon I shall cover the fascinating complement to this subject, the odd predominance of malware websites cluttering the top of Google (and MSN, and Yahoo) PAID search results.

Oh, and I am not removing the Google Adwords.

I am warning you, trust NO-ONE on the Internet.

Deal only with entities you know, and ONLY AFTER you have verified you really are at their website.

Attention to detail and tread warily, please!