Google advertisements automatically redirected users to malicious sites

Cybercriminals have abused Google Adsense advertisements to display malicious ads on websites that redirected visitors to scam sites.  Webmasters complained about the advertisements that caused visitors to be automatically redirected.



The scam sites on which visitors landed offered weight loss, anti-aging and IQ enhancing products. The sites looked like legitimate blogs and magazines with all kinds of fake scientific research on the offered products, enhanced with fake recommendations of “customers”.

The issues with the malicious advertisements started around the middle of December and saw a large peak on Friday the 9th of January. On the Google Adsense Forum more than 180 complaints of angry webmasters were posted that day. Webmasters displaying Google Adsense advertisements noticed how their visitors were redirected by the malicious advertisements. Google resolved the issue a day later on January 10th.

According to security company Sucuri the attackers used two legitimate Adsense campaigns to which they likely gained access with stolen login data.  The ads contained Javascript code which in its turn loaded the malicious code.

Researcher Denis Sinegubko from Sucuri wonders why Google allows advertisers to use potentially dangerous code. “I realize that Google wants to provide advertisers with some level of flexibility in managing their campaigns and use allows to use scripts off of their own sites. I also realize that the at the moment of the initial ad reviews those scripts didn’t do anything malicious and only began misbehaving after they had been approved. But anyway, there should be a better control over third-party scripts.”

Sinegubko also mentions that while nobody likes advertisers, they are indispensable for many websites.”I’m not telling you to remove all ads from your site”, he advises webmasters, “But I invite you to think about the security and reputation implications that bad ads may have for your site. Consider any third-party script that you place into your site code as a potential threat. Especially those that (like ad scripts) allow others (who you don’t even know) to place content (banners, widgets) on your site.”