Less than a week after a highly convincing Google-hosted malvertising campaign finally got taken down, the same folks are right back at it.

My post from last week:

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/

Thanks to @jeromesegura

Google-hosted malvertising leads to fake Keepass site that looks genuine

Google-verified advertiser + legit-looking URL + valid TLS cert = convincing lookalike.

Johnny B. 𓅇 (@[email protected])

@[email protected] @[email protected] there's also vlc.de which was for a long time the top result on google.de. This site has been running for years and distributes a repackaged "Plus" version of VLC. I'll give you three guesses about what that "Plus" is...

Tanztee

It's a shame tech companies can't be held legally liable for the malicious ads they host. If they could be sued for malvertising violations à la Google, they would have figured this problem out a decade ago.

And ideally, damages could be trebled for chronic or repeated violations.

@dangoodin It's the same law that provides @jerry protection from me posting my bullshit though.
@Sempf @dangoodin @jerry does it though? Google is literally paying for clickthroughs on this, aren't they?
@vathpela @dangoodin @jerry That is an EXCELLENT point. I do not know the answer to that. Is Jen Granick around these parts?

@dangoodin I wonder how much of their revenue comes from malicious and illegal advertisements of one form or another.

If they face no penalty and get to keep the money from such advertisers, they are actively incentivized to allow it. As long as it doesn't seem to drive people away from their services. Or drive away other advertisers.

@dangoodin we built a solid tech for that in 2011 but Google Ventures sold our thing to Twitter before we could properly spread it around.

https://www.garymcgraw.com/technology/business/

@dangoodin My understanding was that section 230 protects a platform, or the owner of a fediverse instance, from liability for something an end user posts. It isn't clear whether that applies to ads, when a platform is paid to promote something and is pushing it at people who didn't ask for it. But IANAL, so maybe it does.
@dangoodin Sadly, when the tainted money enriches "good" companies, they tend to be poor defenders and at the very least, very, very slow to respond.