Google Adwords Experiment with Driveby Downloads

A security researcher named Didier Stevens posted a Google ad that actually said “Is your PC virus free? Get infected here!” with a title of Driveby Download and it was clicked on 409 times out of 259,723 impressions. I remember seeing this ad on Google one day, I was going to investigate it, but something happened and I forgot all about it. This is amazing. It’s not amazing that many people clicked on the ad, it is amazing to me that Google let it go through. They had to approve the ad and he had no problems at all getting it listed.

I bought the domain. .info domains are notorious for malware hosting.

I setup a web server to display a simple page saying “Thank you for your visit!” and to log each request. That’s all. I want to be absolutely clear about this: no malware or other scripts/code was ever hosted on this server. No PCs were harmed in this experiment.

I started a Google Adwords campaign with several combinations of the words “drive by download” and the aforementioned ad, linking to

I was patient for 6 months Source: “Is your PC virus-free? Get it infected here!”

He notes on the latest post in his blog that someone at Google must read /. because his ad is no longer approved. This is totally amazing to me that Google would allow an ad like that to get through, even if it wasn’t hosting anything malicious, it says their is no limit to what you can post on Google as long as no one is making a fuss over it. So, they are starting to kill some of the made for adsense sites, but they will allow ads like this, I wonder who or what is deciding a site is MFA or not? As a company adds more and more people, some of the quality can go down and get lost in the shuffle, but after all of the advertiser complaints, all of the negative sentiment that is being built up about Google, cross scripting holes, etc, you would think that the quality control people would be picking it up a notch, not just let everything in.

Here is a video he created for the experiment, just basically him showing the ad, etc.

This entry was posted in Google. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>