Last year, we wrote about Bing and Yahoo! serving ads leading to malicious websites
. This week, it was Google who inserted ads for adware/spyware.
I found a suspicious ad in my Google Reader for a free FLV player. I've recently shown that this type of free software is regularly repackaged with adware/spyware for profit
The ad leads to a download page
for FoxTab FLV Player
. There is a disclosure statement at the end of the page discussing the content of the bundle: "This product is totally free and offers the user additional bundle products that may include advertisement.
|FLV Player download page|
The adware/spyware is flagged by only 4 antivirus vendors
out of 43. A behavioral analysis of the executable provided much more information
about packages that were downloaded and ports open on the machine, etc.
Happy New Year 2012!