Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Google Serves Ad For Adware/Spyware

image
JULIEN SOBRIER
January 03, 2012 - 1 min read
Last year, we wrote about Bing and Yahoo! serving ads leading to malicious websites. This week, it was Google who inserted ads for adware/spyware.

I found a suspicious ad in my Google Reader for a free FLV player. I've recently shown that this type of free software is regularly repackaged with adware/spyware for profit.
 
Image

The ad leads to a download page for FoxTab FLV Player. There is a disclosure statement at the end of the page discussing the content of the bundle: "This product is totally free and offers the user additional bundle products that may include advertisement."
 
Image
FLV Player download page

The adware/spyware is flagged by only 4 antivirus vendors out of 43. A behavioral analysis of the executable provided much more information about packages that were downloaded and ports open on the machine, etc.

The ad was found on the RSS feed of a security company specialized in cleaning up infected websites. This highlights the fact that even reading content from otherwise legitimate resources can inadvertently lead users to unwanted applications when sites include third-party elements (JavaScript driven ads in this case, but also IFRAMES, widgets, etc.) that they do not not have control over. Even trusted third-parties like Google are apparently not succeeding in delivering 100% adware/spyware free content to users.

Happy New Year 2012!
form submtited
Thank you for reading

Was this post useful?

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.