March 3, 2010 1:25 PM

Google Held Hostage: "Rev-advert" Malware Redirects Searches to Advertisers

By Jim Edwards

(MoneyWatch) Advertising malware called "Rev-advert.com" is infecting Firefox and Internet Explorer users who use the Google (GOOG) search box embedded in those browsers. Currently, none of the major anti-spyware products are capable of removing it.

Rev-advert appears to have shown up widely in December, and started infecting large numbers of browsers in February. (You can see frustrated users trying to puzzle out the problem here and here and here and here.)

The bug redirects Google searches through rev-advert.com, which then alters the links that Google displays as search results. Frequently, a user clicking on an altered link is then redirected to an advertiser's web site.

Although many of the advertiser sites are held by dubious typosquatters, some of them are real companies. InStyle magazine, Turbotax, and (of course) Pfizer (PFE)'s Viagra are among the mainstream advertisers to whom Rev-advert diverts unsuspecting users.

It's hard to believe that the companies know they're receiving traffic from malware. But there is precedent for just that scenario: J.C. Penney Co., Capital One, Vonage, Monster Worldwide, Expedia, Priceline.com, and Orbitz have all been caught using ad spyware to direct users or create unwanted popups. Many of those pop-ups were generated by Gator, a product that came bundled with Kazaa, a file-sharing service that was popular in the early 2000s. Mercedes Benz and Dell have both fired ad agencies who used spyware to gather users.

Rev-advert is a cunning device: It doesn't slow down your machine in any significant way, and it doesn't interfere with most searches. In fact, when you end up on a misdirected page you can get the genuine link simply by going back to Google and clicking on the same link again. It's irritating, but not irritating enough to cause widespread annoyance. It often takes days or weeks before a user realizes what is going on.
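Because the hijack touches only some clicks and leaves the machine otherwise normal, the redirect hop itself is the most reliable thing to look for. The following is an added example, not part of the original article: a sketch that scans web proxy logs for search-result clicks routed through rev-advert.com and records where they landed. The four-field log format, the sample lines and the function names are constructed for illustration; only the domain comes from the article.

```python
from collections import defaultdict
from urllib.parse import urlsplit

REDIRECTOR = "rev-advert.com"  # domain named in the article

# Constructed sample proxy log (not real traffic): time, client, URL, referer
SAMPLE_LOG = """\
10:01:02 10.0.0.5 http://www.google.com/search?q=tax+software -
10:01:09 10.0.0.5 http://rev-advert.com/r?x=1 http://www.google.com/search?q=tax+software
10:01:10 10.0.0.5 http://ads.example.net/landing http://rev-advert.com/r?x=1
10:01:30 10.0.0.5 http://www.example.org/tax http://www.google.com/search?q=tax+software
10:02:00 10.0.0.7 http://www.google.com/search?q=news -
10:02:05 10.0.0.7 http://news.example.com/ http://www.google.com/search?q=news
"""

def host(url):
    """Lower-cased hostname of a URL, or '' for '-' and other non-URLs."""
    return (urlsplit(url).hostname or "").lower()

def on_redirector(url):
    h = host(url)
    return h == REDIRECTOR or h.endswith("." + REDIRECTOR)

def is_google_search(url):
    # Loose heuristic (assumption): a 'google' host label and a /search path.
    return "google" in host(url).split(".") and urlsplit(url).path.startswith("/search")

def find_hijacked_clicks(log_text):
    """Per client: clean vs. hijacked search clicks and the landing hosts reached."""
    report = defaultdict(lambda: {"clean": 0, "hijacked": 0, "landings": []})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _ts, client, url, referer = fields
        if is_google_search(referer) and on_redirector(url):
            report[client]["hijacked"] += 1      # result click sent to the redirector
        elif is_google_search(referer) and not is_google_search(url):
            report[client]["clean"] += 1         # result click went straight to a site
        elif on_redirector(referer) and not on_redirector(url):
            report[client]["landings"].append(host(url))  # where the redirect ended
    return dict(report)

def infected_clients(log_text):
    return sorted(c for c, r in find_hijacked_clicks(log_text).items() if r["hijacked"])

if __name__ == "__main__":
    for client, stats in find_hijacked_clicks(SAMPLE_LOG).items():
        print(client, stats)
```

On the sample, the first client shows one hijacked and one clean click for the same search, the pattern the article describes when a user goes back and clicks the link again.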

Worse, there's currently no easy cure. Major anti-malware programs -- Malwarebytes' Anti-Malware, AdAware, Spybot Search & Destroy and Norton Symantec -- cannot detect or remove it. Best Buy's Geek Squad has a fix for it, but that will cost you in excess of $300.

Disclosure: The author's machine was infected by Rev-advert. It's fixed now. Image by Flickr user Argonne National Laboratory, CC 2.0.

© 2010 CBS Interactive Inc. All Rights Reserved.