Malware-infected WinRAR distributed through Google AdWords
Scammers are at it again, taking advantage of Google sponsored ads to acquire traffic and redirect it to malware-infected copies of legitimate software. win.rar GmbH is warning users of an ongoing fraudulent AdWords campaign pushing a malware-infected copy of WinRAR, the popular archiving application. Given that both legitimate and malicious users can purchase visibility, the fake WinRAR release is only the tip of the iceberg.
Let's take a peek at the campaign impersonating Download.com -- impersonation is a form of flattery -- and discuss a separate campaign, managed by a Zango adware affiliate, promising to deliver free copies of WinRAR and WinZip, which are free in general.
A search for WinRAR shows the bogus ad at the top of the search results; the fake Download.com site itself is located at dreamcentury .cn/winrar.htm. Upon execution, the fake WinRAR sets the foundation for the second part of the scam: affected users are periodically redirected to rogue security software sites urging them to take action and disinfect themselves.
Go through related attack tactics: Cybercriminals syndicating Google Trends keywords to serve malware; Fake WordPress site distributing backdoored release
WinRAR is also impersonated, alongside WinZip, in another currently active AdWords campaign, this one operated by an affiliate of Zango, a well-known adware vendor. Zango's campaign naturally does not deliver any copies of WinRAR or WinZip; instead it pushes a copy of the Zango toolbar through fraudulent practices.
The participants in Zango's affiliate network and in the rogue security software one generate revenue based on the number of installations, with the affiliate model's high payout rates as the main incentive for introducing new tactics. And whereas Google's AdWords seems to be part of their ad budget in this particular case, sponsored ads are only part of the (fraudulent) marketing mix, with blackhat search engine optimization remaining the traffic acquisition tactic of choice.
Talkback
Time to use another search engine.
Or use 7zip. It has a RAR compressor in it so extraction isn't an issue.
Just google searched it...
Re: Just google searched it...
The ads are both active at U.K.'s Google - google.co.uk
The more the plumbing
Why does this surprise anybody?
Hopefully, they do pull ads when scams or fraudulent claims are reported to them. But just like newspapers, they can't revoke or "unpublish" some of the ad instances. They just do the best they can.
I personally don't understand why people can't have a little sense when surfing the internet. We've had people bring laptops to us that were just crammed with malware and spyware, to the point of being unusable. Got a few people fired, too, because some of it came from surfing porn sites, which is a BIG no-no in our company.
I downloaded a macro making program
You mean it's not already a scam?
7Zip is good, true - but it does NOT pack RAR
Supported formats:
Packing / unpacking: 7z, ZIP, GZIP, BZIP2 and TAR
Unpacking only: ARJ, CAB, CHM, CPIO, DEB, DMG, HFS, ISO, LZH, LZMA, MSI, NSIS, RAR, RPM, UDF, WIM, XAR and Z.
RE: Malware-infected WinRAR distributed through Google AdWords
Just don't click on sponsored links
If people stopped suckering for the sponsored links, Google would have to take action in order to restore trust in them or advertisers would stop buying them.
RE: Malware-infected WinRAR distributed through Google AdWords
Try IZARC