Friday March 28, 2008

"NRI Savings Account" spam ads on Google Adsense

This is a message for fellow bloggers and publishers who are using Google Adsense. Recently, I have seen some ads on my blog (see above for a sample) selling some "NRI Savings Account" with a purported link that goes to "www.abnamro.com/Bollywood". According to Wikipedia, NRI stands for "Non-Resident Indian".

At first I thought it was a bit of ad mis-targeting, which I dismissed as a simple glitch in Google's much-vaunted search and contextual-matching algorithms. But then when I saw these ads running for the fifth or sixth time, I knew something was up, so I went to do some investigating. Here's what I've found :

1. My initial thought was to copy the URL for analysis (must be careful there, since according to Google's TOS, a publisher is not allowed to click on his own ads). I got the following string : http://www.sirez.com/lms/44_ABNBW/clickcounter.asp [followed by some url-encoded characters and then followed by] http://216.198.222.137/ABNAMRO/BollywoodCd/savings_bollywood.asp.

2. You don't really need to be a former military computer security researcher (which, well, I was) to immediately grasp that there is something really fishy going on here. The first destination URL goes to some sort of "click counter" page which probably gathers some traffic statistics and then redirects to the second destination URL.

3. Dotted IP addresses (such as 216.198.222.137) with no hostnames ring some major alarm bells. This is one of the tell-tale signs of suspicious websites set up for spam or phishing purposes. I pasted it into my browser and here's what I got :

4. Would the real ABN Amro bank host a website at a dotted IP address with no hostname? I didn't think so. Hence, the next thing to do was a simple reverse DNS lookup :

Name: www.aiminghigher.com
Address: 216.198.222.137

5. Well, "aiminghigher.com" eh? It doesn't add up. It could be another website on the same shared host. I don't have time to go really deep on this one, so I try one final and very simple test. I paste the purported link, "www.abnamro.com/Bollywood", into my browser, I get a 404 page ("The page cannot be found"), and after a second or so, I get re-directed back to the main page of the real ABN Amro Bank.

This is really some kind of fraudulent and spam-ish advertising going on here. I do not wish my visitors to click on this kind of ads and get directed to these sites either, no matter what kind of CPC (Cost-Per-Click) it nets for me. So I go to the Competitive Ad Filter and add sirez.com to the list. If you are an Adsense publisher and you are reading this, I would suggest that you do the same.

(2008-03-28 00:34:21 SGT) [Tech] Permalink

Most popular blog postings on lowem.log :

1. Singapore MRT rail network length to double by 2020
2. 2010 Nissan Leaf electric car specifications : 107hp, 24KWh lithium-ion batteries, 100-mile range
3. Live spot gold price quotes chart on COMEX
4. 2010 Toyota Prius specifications released : 50 mpg, 1.8L, 134hp, Ni-MH, solar roof option
5. AVG Anti-Virus Free Edition 2011 direct download link
6. Real-time live gold and silver price quotes chart on COMEX
7. Singapore electric vehicles : Government agencies EMA and LTA to study EV introduction
8. Book review : Shut Down by William Flynn

Featured articles on lowem.log :

1. Book review : Shut Down by William Flynn
2. Singapore electric cars testing starts with 9 electric vehicles
3. Honda, GS Yuasa JV to make lithium-ion batteries for 2010/2011 Honda Civic Hybrid
4. 2010 Honda Civic Hybrid preliminary specifications released
5. 2010 Honda CR-Z hybrid, 2010 Honda Fit/Jazz hybrid models confirmed
6. 2010 Toyota Prius specifications released : 50 mpg, 1.8L, 134hp, Ni-MH, solar roof option
7. NYMEX crude oil recovers from $32.40 low after 2.2 mbpd OPEC production cut announced
8. Singapore : Nuclear power not ruled out