Google’s World Domination
Lots and lots of Google news recently, but today it seems some of the pieces of the puzzle are coming together. Not only have they recently beaten Microsoft in brand recognition, now they have overtaken them as the most visited site, according to comScore Networks, edging them by about a million unique visitors in March.
“These are really significant events,” said Geoffrey Bowker, executive director of the Center for Science, Technology and Society at Santa Clara University. “At the moment, everything that Google is touching turns to gold.”
For the first time, Google has edged ahead of Microsoft as the world’s most visited Internet property. Online measurement firm comScore Networks found that Google had just over a million more unique users in March than its arch-rival.
Google had 528 million unique visitors in March, up 5 percent from the previous month, according to comScore. Microsoft had 527 million visitors during the same month, up 3.7 percent.
Google, in particular, faces a number of risks, ranging from a lawsuit by Viacom over copyright infringement on YouTube to political uproar over censoring search results in China.
“It’s an uncertain time,” Bowker said. “Just because you pass a milestone and everything is going so swimmingly doesn’t mean you can’t crash and burn.”
Censoring search results in China brings me to another article posted today, “China Telecom gives Google Web advertising rights”, in which we are told China Telecom Corp. has given Google Inc. the right to offer advertising on over 400 Web sites owned by the Chinese firm. Li Kaifu, president of Google China, was quoted as saying the deal gave the U.S. company broader opportunities to develop in China, the world’s biggest Web market by users after the United States.
Now, I don’t want to say Google would do anything for money, but, for a few billion more….
A few other posts have caught my attention as well. One is from Search Engine Roundtable, “Beware Of Google AdWords Account Hacks via Computer Exploit”, in which Rustybrick says he was able to piece together what happened.
It appears that some external program gained access to his computer. The program then logged into his AdWords account, set up several ads that redirected to “places like orbitz.com and business.com” and also tried to install “activex remote desktop program” on those computers through the redirects (to infect other computers). Then it blocked access for that computer to log in to AdWords by setting the local host files to 127.0.0.1 adwords.google.com (which means if someone on that computer tries accessing adwords.google.com, they get a not found). This prevents this computer from logging into AdWords to see if changes have been made to the account.
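The hosts-file change described in the quoted post can be checked for directly. The following Python is an added example, not code from the original post or from Search Engine Roundtable; the watch list, the function names and the sample hosts content are assumptions made for illustration.

```python
import ipaddress
import os
import sys

# Hostname named in the post; extend the set as needed (assumed watch list).
WATCHED = {"adwords.google.com"}

def hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_blackholed(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname) for watched names pinned locally."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, line in enumerate(hosts_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                  # one line may carry several names
            host = name.lower().rstrip(".")
            if host in watched or any(host.endswith("." + w) for w in watched):
                findings.append((line_no, fields[0], host))
    return findings

# Constructed sample, not taken from the affected machine.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1   adwords.google.com   # entry of the kind the post describes
0.0.0.0 example.test ADWORDS.GOOGLE.COM.
#127.0.0.1 adwords.google.com
"""

if __name__ == "__main__":
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for line_no, addr, host in find_blackholed(fh.read()):
            print(f"hosts line {line_no}: {host} is pinned to {addr}")
```

The check only flags loopback and unspecified addresses, which is the behaviour the post describes; a watched name mapped to any other address is not reported.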
That goes hand in hand with two other posts. The first, “Google sponsored links not safe?”, talks about how some ads are redirecting through a site, smarttrack.org, which uses a modified MDAC exploit to try to install a backdoor and a post-logger on your system. The post-logger is targeting about 100 banks from around the world, by injecting extra HTML into those banks’ response pages, to try to coax extra information out of the victim.
We’ve been watching an interesting puzzle for a couple of weeks now, and last night the last couple of pieces fell into place. Since the 10th April, our community intelligence network has been finding exploit detections _seemingly_ at household name sites like the Better Business Bureau and cars.com but are actually coming from a place called smarttrack.org masquerading as one of the legit sites.
First, however, it takes the unwary traveler through smarttrack.org, which uses a modified MDAC exploit to try to install a backdoor and a post-logger on your system. The post-logger is specifically targeting about 100 banks from around the world, by injecting extra html into those banks’ response pages, to try to coax extra information out of the victim. (Although it specifically targets those 100, it is an equal-opportunity logger and happily logs all user ids and passwords for any webpage.)
Also, because the post logger is a browser helper object, it is part of the end-point of any SSL transaction, and can see everything in plain text, instead of encrypted.
They go on to note that you don’t see the URL when clicking on the paid results like you do with the organic search results, and they are partially right. On most links you can press the mouse button on the URL without releasing it, and if you slide the mouse off the link it will not be clicked, but this doesn’t always show a URL. In the case of the paid ads, the URL is so long because of all of the stuff Google puts in front of it that you couldn’t see the destination URL even if it did work. You can, however, right-click the link, copy the shortcut and paste it into something to see what the destination is. I know, it’s not a solution to anything; I’m just saying this is a way to see the URL. Since most people probably don’t do this, they have to trust that Google wouldn’t send them to a site that will try to exploit something on their machine, and since these are paid ads, it means that Google has looked at the site, correct?
And one from Security Fix covering the same thing, “Virus Writers Taint Google Ad Links”, and a couple more from Search Engine Roundtable just to round out the mix, “Do Irrelevant Google AdSense Ads Frustrate You?” and “Recent Drop In Google AdWords Referrals?”
So, could the program that hacked the AdWords account be adding this type of ad, or is it some other unrelated person or persons doing this? I am going to ping the gentleman who had his account hacked to find out for sure.
The last paragraph in the first quote above got me thinking about this and what it would take for Google to crash and burn. It would have to be something very dark and sinister, I think, such as a Google-owned site stuffing machines full of malware, hosting child porn or something, for them to have a mass exodus. But if enough people get hammered with malware after clicking on a Google ad, how long would it be before AdWords was useless and Google’s search wasn’t trusted?

