0
(Image: ZDNet)
For hours on Thursday, the top Google search result for “Amazon” was pointed to a scam site.
The bad ad appeared at the very top of the search result for anyone searching for the internet retail giant — even above the legitimate search result for Amazon.com. Anyone who clicked on the ad was sent to a page that tried to trick the user into calling a number for fear that their computer was infected with malware — and not sent to Amazon.com as they would have hoped.
The page presents itself as an official Apple or Windows support page, depending on the type of computer you’re visiting the page from.
An analysis of the webpage’s code showed that anyone trying to dismiss the popup box on the page would likely trigger the browser expanding to full-screen, giving the appearance of ransomware.
A one-off event would be forgivable. But this isn’t the first time this has happened.
It’s at least the second time in two years that Google has served up a malicious ad under Amazon’s name. Over the past year, we’ve heard of several cases of bad ads that have redirected users to malicious pages, but to our knowledge have never directly served malware.
There’s no way to tell how many users clicked the link, but by Google Trends figures, Amazon is the top search result for retail companies on the search engine, accounting for millions of searches every day.
Like the last time we reported on this problem, the paid ad was served through Google’s own ad network and appears through a proxy script on a malicious domain to make it look as though the link fully resolves to this Amazon.com page — likely in an effort to circumvent Google’s systems from flagging the ad.
The malicious domain — which we are not publishing — was registered by GoDaddy, likely with fake information. The apparent domain owner didn’t respond to our inquiries.
(Image: ZDNet)
Google was immediately informed of the bad ad, but a spokesperson when reached would not comment on the record.
We also contacted GoDaddy, which within an hour pulled the site offline.
“After review, our security team found it violated our terms of service and removed the website from our services,” a spokesperson told ZDNet.
Amazon declined to comment.
The FTC has for years squashed tech support scams that often result in malware or ransomware being installed on your computer, and used as leverage to force victims to pay up to have the malware removed.
Google, one of the largest advertisers on the internet, said this week that it took down more than three billion bad ads last year, and banned 320,000 publishers from its ad network for violating its terms.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Read More
ZDNET INVESTIGATIONS
Lawsuits threaten infosec research — just when we need it most
NSA’s Ragtime program targets Americans, leaked files show
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
Related Topics:
Security TV
Data Management
CXO
Data Centers
0