How Google Russia advertises virus writers
Initially, this material began to form as separate notes in my LJ. The story turned out in three parts and, it seems, is still not over. I will not save here and paste the contents of notes from LiveJournal so as not to violate the traditions of the resource, but briefly summarize them and gather all the information together, good, now it is easier to do.
The conclusion I made and which is still valid is simple: Google Russia makes money from advertising for viral, fake websites, making a profit from advertising these websites in its ad network AdMob.
It was worth looking at and starting to click on the displayed banners in order to understand: more than 80% of the adverts issued by the AdMob system on a mobile device are fake sites that impersonate Google’s app store, but have nothing to do with the original Google Play.
')
I just launched the free version of “Birds in Space” and began to reload the level time after time, checking what kind of advertising is displayed on the screen.
First of all, I drew attention to the advertising, kakbe hinting at the "many free toys":
Each of these banners leads to a separate URL, but the sites are made as a carbon copy:
Already one name posted on the site directly violates the brand of Google itself. If you punch through whois, it turns out that all of these sites are registered to a private person (it’s not important). Why would someone organize a fake site and get free programs from there? The goal can be only one - to slip programs infected with viruses.
Of course, when you try to install an application downloaded from these pseudo-stores, the device displays a warning: “Are you sure?”
But after all, many users who have little understanding of what the system wants them to do will simply ignore this warning and give their consent to the installation, which is what virus writers need.
The next in terms of the number of hits was the advertisement of a supposedly new client for the Vkontakte network:
Clicking on this banner did not display either the store or even the Vkontakte site. Immediately from the browser began downloading the apk-file with a completely “left” resource of some file hosting:
Attempting to download "Translator on Android phone" led to the site, already more carefully disguised under Google Play, but still no relation to the original application store that does not have:
Very often, I was ultimately asked to update Skype, although it was not installed on my phone:
The next option “razvodilova” was the offer to download “Navigator on Android phone.” The crookedly torn icon from Navitel-Navigator already seemed to be suspicious in itself:
Again the same left site iplay-android.net:
The pseudo-Yandex.navigator theme was even more fun:
At first, a strange redirect from the left site worked:
... to the rubbish already familiar to us
... and HERE SAME, “without declaring war”, without any requests to the user, the download of the APK file began:
Normal, without cheating, advertising was only one thing spinning - the Booking.com service, which really led to a real Google Play after the click:
Other advertisements also flashed, but it was so rare that I could not trace them (after each screenshot, the game paused and the advertisement disappeared from the playing field). The overall percentage of "left" advertising was clearly more than 80%.
All these observations I set out first in the first publication of April 20 and gave links to it on Twitter and Facebook, mentioning @GoogleRussia explicitly. The reaction was zero. Then a second note appeared on April 25, to which I tried to attract the attention of as many of my acquaintances as possible, including and from among IT journalists. And although the second time, too, there was no response from Google Russia, however, the next day, when I decided to collect clear statistics on the appearance of certain banners, I saw that there were no ads in Birds, or only single booking.com
“Hurray! Victory! ”I said to myself, but as it turned out, I was glad early. "Complete calm and beauty" were only in Angy Birds! All we had to do was launch another application that supports AdMob, and the same familiar banners appeared on the screen:
I admit that new “honest” advertisements appeared, regularly causing the real Google Play, but the presence of the old “leftists” indicates that the problem has not been completely solved. Those. the order was imposed purely cosmetic, just as all the garbage from the room was swept under the carpet - “Perhaps they would not notice!”
Yes, many ad networks sin in the same way, skipping content that is infected with viruses. Here is a message from a friend of mine that the WP7 ad network suffers like this. But the piquancy of this case gives the fact that the AdMob advertising network is directly one of the divisions of Google. And the “leader” in leaks and ease of virus infection among mobile devices is now Android - another brainchild of the corporation. It turns out that Google itself also helps spread viruses to its mobile devices, and even gets paid for it! (for advertising in AdMob is generally not free). And this is not some sort of individual site somewhere deep in the world wide web. The number of AdMob demonstrations is very large! And Google themselves talk about it at any opportunity, promoting the AdMob system among developers.
And the main question that I am asking myself now is very simple: “Who benefits from Google Russia so that mobile viruses are promoted?” For if that weren’t profitable, the situation simply wouldn’t arise in principle. Well, or as a last resort, immediately after the appearance of alarm signals, everything “left” would be cleaned without a trace (which is not the case now). I just do not believe that with all the scales of this certainly respected corporation, there is no possibility to hire one freelancer who would monitor what is advertised in AdMob. There would be a desire ... And if there is no desire, it means that "it is necessary for someone."
cre8or May 2, 2012, 10:01
All data ads and / or accounts are blocked.
The conclusion I made and which is still valid is simple: Google Russia makes money from advertising for viral, fake websites, making a profit from advertising these websites in its ad network AdMob.
How does this happen?
It was worth looking at and starting to click on the displayed banners in order to understand: more than 80% of the adverts issued by the AdMob system on a mobile device are fake sites that impersonate Google’s app store, but have nothing to do with the original Google Play.
')
I just launched the free version of “Birds in Space” and began to reload the level time after time, checking what kind of advertising is displayed on the screen.
First of all, I drew attention to the advertising, kakbe hinting at the "many free toys":
Each of these banners leads to a separate URL, but the sites are made as a carbon copy:
Already one name posted on the site directly violates the brand of Google itself. If you punch through whois, it turns out that all of these sites are registered to a private person (it’s not important). Why would someone organize a fake site and get free programs from there? The goal can be only one - to slip programs infected with viruses.
Of course, when you try to install an application downloaded from these pseudo-stores, the device displays a warning: “Are you sure?”
But after all, many users who have little understanding of what the system wants them to do will simply ignore this warning and give their consent to the installation, which is what virus writers need.
The next in terms of the number of hits was the advertisement of a supposedly new client for the Vkontakte network:
Clicking on this banner did not display either the store or even the Vkontakte site. Immediately from the browser began downloading the apk-file with a completely “left” resource of some file hosting:
Attempting to download "Translator on Android phone" led to the site, already more carefully disguised under Google Play, but still no relation to the original application store that does not have:
Very often, I was ultimately asked to update Skype, although it was not installed on my phone:
The next option “razvodilova” was the offer to download “Navigator on Android phone.” The crookedly torn icon from Navitel-Navigator already seemed to be suspicious in itself:
Again the same left site iplay-android.net:
The pseudo-Yandex.navigator theme was even more fun:
At first, a strange redirect from the left site worked:
... to the rubbish already familiar to us
... and HERE SAME, “without declaring war”, without any requests to the user, the download of the APK file began:
Normal, without cheating, advertising was only one thing spinning - the Booking.com service, which really led to a real Google Play after the click:
Other advertisements also flashed, but it was so rare that I could not trace them (after each screenshot, the game paused and the advertisement disappeared from the playing field). The overall percentage of "left" advertising was clearly more than 80%.
Stages of the battle with Google
All these observations I set out first in the first publication of April 20 and gave links to it on Twitter and Facebook, mentioning @GoogleRussia explicitly. The reaction was zero. Then a second note appeared on April 25, to which I tried to attract the attention of as many of my acquaintances as possible, including and from among IT journalists. And although the second time, too, there was no response from Google Russia, however, the next day, when I decided to collect clear statistics on the appearance of certain banners, I saw that there were no ads in Birds, or only single booking.com
“Hurray! Victory! ”I said to myself, but as it turned out, I was glad early. "Complete calm and beauty" were only in Angy Birds! All we had to do was launch another application that supports AdMob, and the same familiar banners appeared on the screen:
I admit that new “honest” advertisements appeared, regularly causing the real Google Play, but the presence of the old “leftists” indicates that the problem has not been completely solved. Those. the order was imposed purely cosmetic, just as all the garbage from the room was swept under the carpet - “Perhaps they would not notice!”
Yes, many ad networks sin in the same way, skipping content that is infected with viruses. Here is a message from a friend of mine that the WP7 ad network suffers like this. But the piquancy of this case gives the fact that the AdMob advertising network is directly one of the divisions of Google. And the “leader” in leaks and ease of virus infection among mobile devices is now Android - another brainchild of the corporation. It turns out that Google itself also helps spread viruses to its mobile devices, and even gets paid for it! (for advertising in AdMob is generally not free). And this is not some sort of individual site somewhere deep in the world wide web. The number of AdMob demonstrations is very large! And Google themselves talk about it at any opportunity, promoting the AdMob system among developers.
And the main question that I am asking myself now is very simple: “Who benefits from Google Russia so that mobile viruses are promoted?” For if that weren’t profitable, the situation simply wouldn’t arise in principle. Well, or as a last resort, immediately after the appearance of alarm signals, everything “left” would be cleaned without a trace (which is not the case now). I just do not believe that with all the scales of this certainly respected corporation, there is no possibility to hire one freelancer who would monitor what is advertised in AdMob. There would be a desire ... And if there is no desire, it means that "it is necessary for someone."
UPDATE:
cre8or May 2, 2012, 10:01
All data ads and / or accounts are blocked.
Source: https://habr.com/ru/post/142871/
All Articles