ReveNews
-
NAVIGATION
-
TOPICS
-
THE REVENEWS BLOGGERS
-
QUICK CONTACT
Google Compliance Slams Low Level Obfuscation
Recently I reported on what I considered a Google Adsense page that was basically “browser spam”- a page constructed to stuff the index with pages in order to redirect traffic through Adsense ads. The problem was the only content on the page was an Adsense ad.
Sorry my friends at Google but you knew it was coming. Here is one reason why merchant’s want granular control over where their CPC ads are placed. Pay attention Microsoft and Yahoo!
Note the use of canonical domain name: spywareremoval
Primary domain name: cnetspyware.com
And the hot button words in the sub directory: windows-xp-spyware
Lastly, and most importantly note the quality content…
It appears the powers that be at Google that read Revenews.com took the snapshot seriously.
If you visit the “content-rich” (cough) http://www.spywareremoval.cnetspyware.com/windows-xp-software you will notice there are no more Google Adsense ads being displayed. The page does sport a nifty obfuscated script which I may get around to de-obfuscating if I get bored. Based on analysis of pages in the MSN index I would hazard a guess the “content” is basically a low-level form of cloaking. To see how I make this logical deduction reference the MSN Index Results as of July 30, 2005:
http://search.msn.com/results.aspx?q=site%3Awww.cnetspyware.com
Note the titles, then hit the page and view source and you’ll be treated to similiar low-level obfuscation.
var asdplf = new String(unescape(’%3C%73%43%72%69%50%74%20%20%20%20%20%20%54%59%
50%65%3D%27%54%45%58%74%2F%6A%61%76%41%53%43%72%69%50%54%27%3E%
0A%3C%21%2D%2D%0A%64%6F%43%55%6D%65%4E%74%2E%77%72%69%74%45%20
%20%20%20%20%28%22%3C%22%20%20%20%20%20%2B%20%20%20%22%53%43%72%
69%70%74%20%20%20%20%20%74%59%50%65%3D%27%74%65%78%74%2F%4A%41%
56%61%73%63%72%69%70%54%27%20%20%20%53%72%63%3D%27%22%29%3B%0A%
44%4F%63%75%6D%45%6E%74%2E%57%72%49%74%65%20%20%20%20%20%20%20%
20%28%22%48%54%74%70%3A%2F%2F%77%77%77%2E%59%6F%75%72%4E%4F%46%
4F%2E%63%6F%6D%2F%6C%43%61%52%53%2F%74%43%2F%50%61%67%45%2E%50%
68%50%3F%52%45%46%65%72%65%52%3D%22%20%20%20%2B%20%20%65%73%63%
41%50%45%28%44%6F%63%75%6D%65%6E%54%2E%72%65%46%65%72%52%65%72%
29%29%3B%0A%44%6F%63%55%4D%65%6E%74%2E%77%52%69%74%65%20%20%20%
20%20%20%20%28%22%27%3E%3C%22%20%20%20%20%20%2B%20%22%2F%53%63%
52%69%70%74%3E%22%29%3B%0A%2D%2D%3E%0A%3C%2F%53%43%52%69%50%74%
3E%0A’));
document.write(asdplf.toLowerCase());
Thumbs up to Google for a quick response but I would prefer a perfect world where these kinds of pages never make it into the index at all.
Now if Google wants to go the extra mile they might take the second step and simply eject the remaining two pages of this domain out of Google index and it would be just a little less polluted. MSN needs to get a clue.
Have more stellar examples of crummy Adsense spam? Send them direct to this blogger and let’s explore how bad the problem really is or isn’t.
Hey Wayne! I just added you to my blogroll on Spyware Informer, mind adding me to yours?
Great work on exposing this practice, Wayne. I’ve seen quite a few pages like the one you found. I’m with you, those kind of pages should never make it into the index or even be published in the first place.
Great work on exposing this practice, Wayne. I’ve seen quite a few pages like the one you found. I’m with you, those kind of pages should never make it into the index or even be published in the first place.
Hey Alex- great blog! Consider it done. Please note on your blogroll it is Revenews and not RaveNews…although I do tend to rant and rave. Please drop me a direct line via e-mail when you get the chance. wporter@gmail.com
LOL, I’m sorry about that! That’s rather funny, but I’ll change it!
There is an easy way to deobfuscate this kind of thing… go to the offending page, enter the following in the address bar and hit enter:
javascript:void(prompt(”,document.body.innerHTML));
The deobfuscated HTML then pops up in a JavaScript prompt so you can copy and paste into a text editor.
The script on the page in question writes in an HTML <frame> tag with a source of http://www.yournofo.com/lcars/tc/m/139,257970.html