Posts Tagged ‘adsense’
On Botnets, Lies and Corporate Bulls#&t
I know, an odd title, isn’t it? But you’ll see why soon.
I must also add a caveat: This post does contain adult language!
Did you see the movie ‘Network’? The one where the news anchor loses it on the air, throws his television out the window, and screams, “I’m mad as hell and I’m not going to take it anymore!” Yeah, THAT movie!
Well, I know how the Anchorman feels.
Yesterday, while researching this continuing Botnet issue, I came across a very interesting press release on DoubleClick’s web site. But before I share that with you, let me digress for a moment.
Remember the big to-do about Google partnering with Yahoo? Remember Microsoft (M$) whining and complaining about the ‘supposed unfair advantage and monopoly’ a partnership between Google and Yahoo would create? Whaa, whaa, whaa! Poor Microsoft!
Then recently, the headlines hit the blogosphere that Google was hours away from being named a monopoly by the U.S. Department of Justice when Google backed off.
Now that I’ve refreshed your memory, fast forward to my noting a press release on DoubleClick’s web site yesterday.
Pop Quiz!
- Who owns DoubleClick?
- Who owns and created Silverlight?
- Who is serving video ads to Silverlight?
Answer Key:
- Who owns DoubleClick? Google
- Who owns and created Silverlight? Microsoft
- Who is serving video ads to Silverlight? Google owned DoubleClick
Now, doesn’t that seem like someone is sleeping with the enemy?
Read it yourself here: http://www.doubleclick.com/about/news_details.aspx?id=1406&linkidentifier=id&itemid=1406
You see folks, what I’ve come to realize is that all this media spin and “woe is me” from Microsoft is nothing more than Microsoft crying wolf. And why? $$$MONEY$$$
What’s that saying? “Money talks, bulls#&t walks?”
It’s okay for Microsoft Silverlight to run Google-owned DoubleClick ads because Microsoft is making money!
It’s NOT okay for Google to partner with Yahoo because Microsoft ISN’T making money!
And why won’t Google, DoubleClick, Yahoo, Right Media, and all the rest of the online advertising companies do something about malware being pushed through their ads? Because they are COLLECTING MONEY from the advertisers! And because to put a procedure in place to screen those ads and protect visitors, would COST them MONEY!
Small companies like ours make nothing on the research we do, and practically nothing on the small amount of ads we do run on our site.
Hell, the top day of our Google adsense at the peak of this botnet issue earned us a whopping 27 cents! Whoo Hoo! I’ll take that to the bank as soon as Google decides it adds up to $100 in any given month – READ: I won’t hold my breath waiting.
The truth of the matter is my friends, that we are being fed a HUGE plate of Corporate BS with a side of lies.
Microsoft cares less about Google’s unfair competition with Yahoo. It wants Yahoo for the ad generating revenue it can earn under Yahoo’s name. And why? Because Microsoft’s name can’t earn it!
I could find better search results reading the sediment in my septic tank (like tea leaf reading only grosser) than find anything from Live or MSN Search.
Microsoft knows their search is useless! So they want Yahoo’s name to hide behind so they can rake in the advertising dough.
And if I’m right with my prediction about the upcoming botnet from hell, all the advertising companies will make a fortune from it!
Think about it!
They’ll collect revenue from the advertisers wanting to push the malware. (What better way to deliver an Internet Weapon of Mass Destruction (IWMD) than through ads that are on nearly every single web site!)
Then, they’ll collect a fortune off the adwords related to this new malware and the fix being searched for as millions of broken, infected PCs go online to search for help.
And the botnet creators will make a fortune off the information it gets from every single infected computer and compromised corporate network! (And if you have yet to read the report about this underground economy, please pick up the report here: The Online Shadow Economy. My paranoia is based on real facts!)
The only people not getting rich off this whole scam are the poor shmucks at the bottom of this food chain. The small companies, small bloggers, and the average Internet users. The very same ones who have to pay for the damage because Corporate A**holes don’t give a s#&t about us!
It’s days like this that I wonder why the h@ll I even bother!
But then, I get an additional reader, or a new subscriber. Perhaps a few new comments posted, and I have hope again. I have hope that there are others like me still out there that are paying attention. Vigilantly watching to maintain the integrity of the Internet.
And YOU make it all worthwhile!
So, for those of you – like me – who want to prepare for what might be coming, I’m going to teach you over the next several posts how to prepare to protect yourself. I think we might be able to avoid the impending damage if we cover our assets, so to speak.
Tomorrow, we will learn how to block the ad servers. Yes, I know, I’m cutting off my 27 cents in revenue by teaching you how to do this. But you never know. If I’m correct in my line of thinking and research, we just might get a legitimate sponsor for this blog! Or maybe someone will donate or buy something from us! You never know! It could happen!
So tune in tomorrow! We’re going to play Medieval Europe and secure the castles!
It doesn’t matter what OS or what browser you’re using. We’ll cover them all!
Oh! I should note however, that so far, our research is showing that Ubuntu (Linux) has not been affected by any of this!
Botnets
We’ve had much discussion on this blog about Botnets. But what is a botnet?
According to TechWeb, a botnet is:
(roBOT NETwork) Also called a “zombie army,” a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet. There is a thriving botnet business selling lists of compromised computers to hackers and spammers.
This is why we are very concerned with why it appears that advertisers are placing something in the ads or javascripts that are setting off the RUBotted alerts.
Advertisements are everywhere. Internet visitors want free content but those of us who have businesses need to pay for our web hosting, domain names, and maintenance to provide free content. So, millions of web owners and bloggers have jumped into accepting ads like Google’s Adsense, and other paid advertisers to keep up with costs while keeping content free.
If unscrupulous advertisers have figured out a way to get inside our computers without us realizing it, millions upon millions of computers will be compromised and web site owners sponsoring the ads will be to blame.
We are continuing our unending effort to get to the bottom of why the RUBotted pop-ups are continuing.
But for those of you who didn’t understand why this is so important, this is your explanation.
On another related note, even the U.S. Army has gone botnet hunting! Read the Information Week article here: U.S. Army Goes Botnet Hunting. It’s nice to know we’re in good company!
Also included in this article is a link to the Army’s new release of BotHunter Software (free!), available in Linux, Windows, and Mac distributions.
The BotHunter website states that the new software is:
BotHunter is an application designed to track the two-way communication flows between internal assets and external entities, developing an evidence trail of data exchanges that match a state-based infection sequence model. BotHunter consists of a correlation engine that is driven by a customized and augmented release of Snort version 2, which tracks the underlying actions that occur during the malware infection process: inbound scanning, exploit usage, egg downloading, outbound bot coordination dialog, outbound attack propagation, and malware P2P communication. The BotHunter correlator then ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of evidence is found to match BotHunter’s infection dialog model, a consolidated report is produced to capture all the relevant events and event sources that played a role during the infection process. We refer to this analytical strategy of matching the dialog flows between internal assets and the broader Internet as dialog-based correlation (patent pending).
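An added example (not from the original post and not BotHunter's code) of the dialog-based correlation idea quoted above: alerts are grouped per internal host, and a host is reported when inbound and outbound evidence fall inside one time window. The stage labels, the 600-second window, the decision rule and the sample alerts are assumptions made for this illustration.

```python
from collections import defaultdict

# Stages named in the quoted description; the short labels are this example's own.
INBOUND = {"inbound_scan", "exploit"}
OUTBOUND = {"egg_download", "bot_coordination", "attack_propagation", "p2p"}
WINDOW = 600  # seconds; assumed correlation window

# Constructed sample alerts: (timestamp, internal_host, external_peer, stage)
SAMPLE_ALERTS = [
    (100, "10.0.0.5", "203.0.113.9", "inbound_scan"),
    (130, "10.0.0.5", "203.0.113.9", "exploit"),
    (160, "10.0.0.5", "198.51.100.7", "egg_download"),
    (400, "10.0.0.5", "192.0.2.44", "bot_coordination"),
    (120, "10.0.0.8", "203.0.113.9", "inbound_scan"),      # scanned, nothing outbound
    (200, "10.0.0.9", "198.51.100.7", "egg_download"),
    (5000, "10.0.0.9", "192.0.2.44", "bot_coordination"),  # too far apart to correlate
]


def correlate(alerts, window=WINDOW):
    """Return {internal_host: report} for hosts whose alert trail looks like an infection.

    Assumed rule: inside one window a host shows inbound evidence plus at least
    one outbound stage, or at least two distinct outbound stages.
    """
    by_host = defaultdict(list)
    for alert in sorted(alerts):                 # order by timestamp
        if alert[3] in INBOUND | OUTBOUND:       # ignore unknown stages
            by_host[alert[1]].append(alert)

    reports = {}
    for host, events in by_host.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so the trail never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            trail = events[start:end + 1]
            stages = {e[3] for e in trail}
            outbound = stages & OUTBOUND
            matched = bool(stages & INBOUND and outbound) or len(outbound) >= 2
            richer = host not in reports or len(stages) > len(reports[host]["stages"])
            if matched and richer:
                # Consolidated report: every stage and peer seen in the trail.
                reports[host] = {
                    "stages": sorted(stages),
                    "peers": sorted({e[2] for e in trail}),
                    "first_seen": trail[0][0],
                    "last_seen": trail[-1][0],
                }
    return reports
```

A host that is only scanned, or whose outbound events are hours apart, produces no report; that is the difference between correlating a dialog and alerting on single events.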
I have now downloaded it and will be testing it out and since it’s free, I suggest many of you do the same. This may solve our problem by discovering what it is that’s trying to get through our RUBotted!
One caveat for all of those who are as paranoid as I am: READ THE EULA!
It states:
BOTHUNTER PROFILES.
You may, at your sole discretion, elect to share profile data collected by the Software with SRI. If You provide any data files to SRI, then SRI shall automatically have the worldwide, perpetual, non-exclusive, royalty-free license to utilize such data files and any derivatives thereof for all purposes without attribution.
So, there can be some sharing of information. It doesn’t say how much is personally identifying! Be forewarned!
Also, there is a statement under the Jurisdiction section:
This Software is controlled by SRI from its offices within the State of California.
Just what it means by controlled, is not clearly spelled out! So, if you’re paranoid of big brother, don’t use this! The EULA is too open ended. I’m using it in the interest of research and you better believe I’ll be doing a few packet captures too!
As always, stay tuned…….
Bot Update
Last night I updated my Flash files and I was still getting notices as per my added notice on the post: A Possible Answer to the RUBotted Pop-ups?
However, this morning – upon boot – I’ve yet to receive one. I also went directly to the main file disclosed in the previous post that was serving up the ad and I did not receive the pop-up.
At this point, I can only conclude that the flash was the vulnerability and it is NOT a glitch or bug in RUBotted.
Anthony Valente, my partner from Network Defense Solutions is working with the Flash file I sent him this morning to find out what it was in the file that might have been doing this. Only by understanding how the malware providers are pushing this crap on us, can we understand how to protect ourselves.
Stay tuned for more disturbing news about the ad servers from hell! You are not going to be happy when you hear what Anthony has uncovered through my initial research with the Antivirus 2009!
In the meantime, go update your flash players PLEASE!










