By: Julien Sobrier

Google Serves Ad For Adware/Spyware

Advertising

Last year, we wrote about Bing and Yahoo! serving ads leading to malicious websites. This week, it was Google who inserted ads for adware/spyware.

I found a suspicious ad in my Google Reader for a free FLV player. I've recently shown that this type of free software is regularly repackaged with adware/spyware for profit.
 

The ad leads to a download page for FoxTab FLV Player. There is a disclosure statement at the end of the page discussing the content of the bundle: "This product is totally free and offers the user additional bundle products that may include advertisement."
 
FLV Player download page

The adware/spyware is flagged by only 4 antivirus vendors out of 43. A behavioral analysis of the executable provided much more information about packages that were downloaded and ports open on the machine, etc.

The ad was found on the RSS feed of a security company specialized in cleaning up infected websites. This highlights the fact that even reading content from otherwise legitimate resources can inadvertently lead users to unwanted applications when sites include third-party elements (JavaScript driven ads in this case, but also IFRAMES, widgets, etc.) that they do not not have control over. Even trusted third-parties like Google are apparently not succeeding in delivering 100% adware/spyware free content to users.

Happy New Year 2012!

Learn more about Zscaler.