Select Page

Came across this one doing some spyware testing today (it was popped up from a nasty site).    Using basic iframe tags, it looks like Google, and it is Google, but with some slight differences. 

The sites whole purpose is to contact another site to display an advertisement, which is actually set to be so small that you’ll never see it, but the owner of this fake Google site will still get paid for displaying an ad.  Basically, a way to rip off advertisers. 

Fakegoogle298122312asa

To wit, the html code from the page:

<iframe name=”contact” src=”http://google.com/
width=”100%” height=”100%” marginwidth=0 marginheight=0 hspace=0 vspace=0
frameborder=0 scrolling=no></iframe>
<iframe name=”contact” src=”http://66.230.164 99/… (this is the ad being called from the SearchMeUp crowd, resulting in an advertiser being charged)
width=1 height=1 marginwidth=0 marginheight=0 hspace=0 vspace=0
frameborder=0 scrolling=no></iframe> (the ad is in a frame that is so small it will not be detected on the page by the user)

The site is http://m-game(dot)name/tr/

So here’s the scam: The perpetrator signed up as an affiliate with SearchMeUp (part of UmaxSearch).  He then links to a search result, which results in the advertiser being charged for a click-through from SearchMeUp.  He conveniently bypasses any blocklists (since he’s in with a rough crowd that is likely on the bad lists of even the gray-area advertising community) because his site (at this point) is innocuous.  The end user never sees any ad, because it’s hidden in the fake Google page. 

Advertisers run the gamut from typical smaller advertisers (casinos, cigarette vendors, etc.) to companies like Progressive Insurance.

Cute.

 

Alex Eckelberry


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34