Topic: Microsoft

Microsoft's Bing invaded by pharmaceutical scammers

Summary: Rogue online pharmacies have found a way to exploit Bing's advertising program.According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating part of larger affiliate networks like this one analyzed last year.

By Dancho Danchev for Zero Day | August 7, 2009 -- 12:45 GMT (05:45 PDT)

Follow @danchodanchev

Rogue online pharmacies have found a way to exploit Bing's advertising program.

According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating part of larger affiliate networks like this one analyzed last year.

The report also details a brand-jacking scheme allowing bogus advertisers the option to choose their own "Display URL" and a separate "Destination URL" for displaying their ads.

More findings:

89.7% of Internet pharmacy advertisements on bing.com that we reviewed are operating unlawfully. (Of the other 10.3%, about half are verified as legitimate, and half are "unverified" according to our standards.)
The majority of Internet pharmacy ads, and all ten of the sample ads that we dissected, did not require a valid (or any) prescription. We successfully attempted a test buy in two cases, receiving drugs in both cases that appeared to come from India
Some of the drugs sold via bing.com ads tested positive as counterfeit
Most of the Internet pharmacy advertisements that we analyzed are members of affiliate networks controlled by organized crime in Russia and Eastern Europe
In some cases, rogue Internet pharmacies have "hijacked" a legitimate Internet pharmacy's domain name: the ad will look like it has been listed by a licensed, US-based pharmacy, but actually clicks-through to a rogue Internet pharmacy. This implies serious security holes in Microsoft's advertising program

Despite that the research clearly demonstrates systematic abuse of a search engine that's gaining momentum, it's worth pointing out that these very same scammers are investing money in ads in between their main traffic acquisition tactic in their arsenal - blackhat SEO (search engine optimization) and spam.

On daily basis, hundreds of thousands of insecurely configured web servers become part of these campaigns, next to the systematic abuse of legitimate services such as Yahoo Groups, About.com forums, Scribd, SlideShare, LinkedIn, MyYearBook, and Digg -- for starters. Collectively the traffic and sales that come from this abuse result in a positive return on investment for the scammers due to the efficient ways in which they abuse the services.

Say yes to your health, and don't bargain with it.

Topics: Microsoft, Browser, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

49 comments

Log in or register to join the discussion

quote

<i>"This implies serious security holes in Microsoft?s advertising program"</i>

All I can vision here is Homer Simpson slapping forehead and saying "Doh!!"

Who'd ever thought, Microsoft and Security holes, who knew. Glad I don't use Bing.

"Fraud" - Just "B(r)ing it"

xXSpeedzXx
7 August, 2009 13:10

Reply Vote
- Yeah, like Google doesn't suffer from the same problem?
  
  How many times have you read about Google being hijacked with malware advertisers getting top ratings on Google?
  
  Yeah, this is a Microsoft only problem... keep telling yourself that.
  
  Confused by religion
  7 August, 2009 14:11
  
  Reply Vote
  - but,but,but
    
    Is not Microsoft supposed to be better? I ask you?
    
    Intellihence
    7 August, 2009 14:12
    
    Reply Vote
    - Microsoft is better than Google.
      
      If you don't believe me, ask Microsoft.
      
      fr0thy2
      7 August, 2009 14:23
      
      Reply Vote
  - Never said anything about Google...
    
    Sometimes it is better to avoid talking so as to avoid inserting foot into mouth.
    
    Edit: And I never said that Google has never been exploited or any other search engine for that matter. Just simply stated a fact that I don't use b(r)ing...
    
    xXSpeedzXx
    7 August, 2009 14:24
    
    Reply Vote
One time while I was playing cards with an old man from Hoboken,he said

bing,bing,bing,bing,bing.

You sir are a WINNER.

Intellihence
7 August, 2009 13:28

Reply Vote
RE: Microsoft's Bing invaded by pharmaceutical scammers

So the exploit has been found, Microsoft will be quick to patch it and not allow this sort of thing to happen again. Its not like they were the first search engine this happened to. Oh and those illegitimate advertisements won't do any good anyway, no one clicks on those pharmaceutical ads anymore. And this only affects ads, not the search engine or a user's PC. Nothing to see here folks, move along.

Loverock Davidson
7 August, 2009 13:44

Reply Vote
- Exactly!
  
  And that is why MS is only a 2 or 3 in Project Excellence. They don't seem to learn from the past (or present).
  
  Its groundhog day everyday.
  
  If they could improve their PM habits then people may start expecting more from them. Expectations for Win 7 are mixed at best because of their past.
  
  maskman01
  7 August, 2009 13:55
  
  Reply Vote
  - "Expectations for Win 7 are mixed at best because of their past."
    
    Never a truer word said.
    
    Even politicians and managements types are now savvy enough to see enough evidence repeated over and over again that Microsoft is just a load of hot air that has been holding the computer industry back for years and years.
    
    The smart companies will deploy at least 50% FOSS. The FOSS staff can then take over from the mouse wielding ones and get the rest of the infrastructure reliable, efficient and future proofed of forced/surprised/unnecessary invoices.
    
    It is happening.
    
    fr0thy2
    7 August, 2009 14:27
    
    Reply Vote
  - "Mixed at best"?
    
    Microsoft is headed for a solid success with Windows 7.
    
    The ABMers are running scared. So scared that they now have to invent "show-stopping memory leak" bugs. Which of course turns out not to be a bug at all and only shines light on the desperation and cynicism of certain "journalists". It's pathetic
    
    honeymonster
    8 August, 2009 02:40
    
    Reply Vote
    - Running scared?
      
      Why would anyone be doing that?
      
      What's the "killer feature" that would make that even a prospect?
      
      That and I'm still waiting for someone, anyone, to give a decent explanation of the term "decision engine." The best attempt so far has been to "define" my (now passed on) granny as the "decision engine." No one dared challenge her decisions :P
      
      zkiwi
      8 August, 2009 11:47
      
      Reply Vote
      - 'Decsion engine' is the term you use when you are not #1 in search.
        
        Basically, since <a href=http://www.google.com/>Google</a> is the undisputed leader in search, rather than compete as a 'search engine' (where they would be #4 currently behind <a href=http://www.baidu.com/>Baidu</a> and <a href=http://www.yahoo.com/>Yahoo</a>) (Source: <a href=http://marketshare.hitslink.com/search-engine-market-share.aspx?qprid=5>Search engine market share</a> (though other sources may have different results)) and you create a new marketing term to describe your (search engine) service. (Note: <a href=http://en.wikipedia.org/wiki/Carol_Bartz>Carol Bartz</a> claims that Yahoo! is not a search engine and may be unaware of <a href=http://www.archive.org/index.php>Internet Archive</a> which has copies of Yahoo going back to 1996 (first Yahoo page).
        
        The marketing hype goes as follows: a decision engine (<a href=http://www.bing.com/>Bing</a>, <a href=http://www.hunch.com/>Hunch</a>, etc.) helps you make decisions (by returning answers to your questions thus allowing you to make a decision. Microsofts explanation is <a href=http://www.decisionengine.com/Letter.html>here</a>.
        
        B.O.F.H.
        9 August, 2009 07:26
        
        Reply Vote
      - Ok, but...
        
        I think I prefer the "decision engine" as being a strong minded granny who gives you one choice, hers! :P
        
        zkiwi
        9 August, 2009 11:43
        
        Reply Vote
      - "returning answers to your questions thus allowing you to make a decision"
        
        So by looking at the query results presented people then should make a decision about which link to click, or is it more "advanced" and rewrites your question for you?
        
        You can spot an MS decision engine a mile away. Type in "install Linux" and it'll take you straight to results for Windows Volume Licensing.
        
        fr0thy2
        9 August, 2009 19:43
        
        Reply Vote
      - @fr0thy2 - Please stop lying.
        
        It's fine to advocate for open source. It has awesome advantages. I'm learning how to use Linux now. But when you use archaic information and/or outright lies, it really reflects poorly on the Open source community, as well as your credibility.
        
        When is the last time you did a search for "Install Linux"? None of the links have anything to do with Windows Volume Licensing. The closest thing is a link to running Linux on Windows.
        
        So I'm begging you, please stop.
        
        $ sudo apt-get install truth
        
        PlayFair
        10 August, 2009 07:05
        
        Reply Vote
      - install?
        
        I tried that and got a list of articles on how to install linux. Nothing (on
        the first page, at least) about Windows licensing.
        
        levinson
        10 August, 2009 13:57
        
        Reply Vote
      - Decision engine??
        
        Funny; I just tried it and got 5 pages of various linux pages, the 1st one shows this:
        * Download Info
        * Applications
        * Distributions
        * General Info
        
        * Courses
        * Hardware
        * Register
        * Bookstore
        
        Show more results from www.linux.org
        
        No reference to any Microsoft products.
        
        cbiggs99@...
        10 August, 2009 19:35
        
        Reply Vote
      - humor= $6 a dose
        
        Apparently none of you get the joke.
        
        frOthy2 tends to have dry wit and it takes a second to realize it.
        
        For example, by saying that if you type "install Linux" into Bing it will take you straight to results for Windows Volume Licensing, he's pointing out the typical spin given by sales staff.
        
        When you mention a competitor, they try and refocus to themselves.
        
        He wasn't saying it would literally takes you to search results for "Windows Volume Licensing".
        
        It's sad, tech sites should be filled with smarter people. At the very least, you should be able to understand simple dry wit.
        
        tmsbrdrs
        11 August, 2009 00:25
        
        Reply Vote
      - @tmsbrdrs about humor and wit
        
        Yeah many people might not get the joke, for a damn good reason.
        
        (yes, I went to bing just to test it. It wouldn't have surprise me one bit to even get a ton of ads relating to Volume Licensing and stuff)
        
        There are so many people posting in bad faith, in both camps, so it's hard to make the difference between bad faith and a joke.
        
        Although, it was a good one :-)
        
        Angel_LB
        11 August, 2009 05:12
        
        Reply Vote
      - that is bull
        
        i just searched "install linux" on bing and got this result page
        
        http://www.bing.com/search?q=install+linux&src=IE-SearchBox&Form=IE8SRC
        
        JamesDoyle
        15 August, 2009 15:49
        
        Reply Vote