Looking for a program to promote? Found a product but not sure if it is any good? Discuss anything on programs and affiliate networks here.

Has my Adsense Code been Pirated?

PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:

Has my Adsense Code been Pirated?

I have got adsense ads on my website (www.mimenta.com) and they appear as normal when I wiew them in my Windows browsers (IE6, Firefox, Opera) and in my Linux browsers (Konquerer, Firefox etc).

I have seen my site on another computer and the ads all come from iTotalFind, not Google, are different ads and in similar (but not identilcal) coloured type.

Does anyone know anything about this?

I have referred the matter to Google, with screen dumps from both PCs but as yet, I haven't had a reply.

I am concerned that iTotalFind is pirating the Google code and thus cutting out my click payments. If Google did not authorise them, I am angry at iTotalFind's intrusion into my sight without my permission. I wonder how the intellectual rights laws stand on this.
  • 1
PremiumMember
sean06
Posts: 1377
Joined: 16 Jun 06
Trust:
I don't really know what you mean, is itotalfind a browser? And you're saying that their ads are replacing your adsense?

Sounds a bit weird, I don't see how it could do that.
  • 1
www.SixDayWeekend.com
Free Training Videos reveal how I make 6 figures while travelling the world
 
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
Sean06 - to describe it another way:

Two PCs in one location - Same website displaying on both.

Google ads appear on one and in the same places on each web page, on the other PC, are different ads sponsored by iTotalFind.

Google responded to my mesage (under 12 hours for a reply - brilliant!)
Google suggested that it was a Malware infection and we went hunting.

We have discovered that there is a Malware out there that shows up with CWShredder.exe that finds Google Adsense and Yahoo ads and substitutes them with their own ads - your site hosts ads you don't get any payment for, while iTotalFind charge the advertisers on a CPC basis.

It shows up in your registry as an HKEY entry with the text "\Itrust\url changer\" and clones itself as fast as you can erase it (1036 new malware entries were formed in thge next boot up).

We have cleaned up the registry and it has halted the cloning on the infected PC but it has also disabled the Google ads from appearing on the site too.

Will post as more happens
  • 1
PremiumMember
sean06
Posts: 1377
Joined: 16 Jun 06
Trust:
Thats very dodgy and very clever. These people would probably do well if they used their talents in a non-dodgy way.

Let us know how you go with it all.
  • 1
www.SixDayWeekend.com
Free Training Videos reveal how I make 6 figures while travelling the world
 
davmontrose
Posts: 93
Joined: 15 Oct 06
Trust:
Wow, talk about a scam of all scams. Man, I get tired of all the BS out there sometimes. Davin
  • 1
PremiumMember
promocode
Posts: 275
Joined: 05 Sep 06
Trust:
huh, kind of scary if this is true because CWShredder is supposed to locate and remove CoolWebSearch another popular hijacker - I use it all the time.

I wonder if the CWShedder malware on your pc is actually a trojan horse of the real thing?

Staying ahead of the bad guys is getting tougher everyday but there are some reliable anti-mal sites that can make you "armed and dangerous" - Major Geeks and Geeks To Go are two that I trust.

Even though I use the tips at those two sites for protection, something stubborn always seems to find it's way onto the system so every year I drop them off to my local PC Doctor who gives each system a good manual cleaning, cheap insurance for $100 a year.

Hope you get everything squared away soon with out too much damage Mimenta, what a pain in the rumpus this stuff is.

Best,
PC
  • 1
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
YesI know -
I am the local PC Doctor in our area - just to give you some idea:

I started in PCs before Windows, before floppies, before type fonts, colour monitors (actually we had a choice - grey(TV) or green (Monitor). Programs were stored on audio cassette (30 or 60 mins - longer cassettes stretched and you lost your data). A hard disk was the size of a bar fridge and if you walked past the magnetic field slowed you watch down. I built my first PC at Uni then bought a Dick Smith Red Label in 1984, learned NewDos from a lever arch binder that cost $120 to photocopy. I have kept up with the play ever since and have contributed to some of the software you use without realising it today - like Firefox, Windows fonts, Registry editors, Spreadsheet linking, viral pattern files etc etc through the open source and Linux network.

The point is - I know enough to be scared of what I don't know.

With all that - this little malware bastard has me worried. It has also rang alarm bells at Google, who had heard rumours but were grateful of our screenshots as proof. Our logs have also been posted on 4 security sites (you found one of them). Now we wait.

This all began when I was designing a website for someone else who was looking at Google Adsense to monetize it and I said "Have a look at my site."

Yep - I've had better days! :(
  • 1
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
Have cleaned out registry of everything suspicious.
Computer is very slow on Internet (no cookies, temps, links etc)

Seemed clear last night - we got Google ads showing on my site on this machine.

Started the computer up this morning and Google Adsense has been swapped by iTotalFind again! :evil:

We mapped the system last night (not a small job with 2GB RAM a 12O and 200GB drive but we sneaked some sleep in there somewhere!). Now we'll map again and comapare maps to see what has altered at this boot up. Hopefully the difference will at least have a clue what we are looking for.

On IE7 and Firefox we are now getting ad messages in the browser header, beside the Browser Icon at the very top left of the screen. The infected PC was taken off line and all the others scanned as a precaution. The problem is that they are all different systems so we can't compare maps. It doesn't seem to have infected the other machines.
  • 1
PremiumMember
sean06
Posts: 1377
Joined: 16 Jun 06
Trust:
Sucks to hear about that, but at least you were the first person to alert google. Thats gotta be worth something :P

Hope it sorts itself out.
  • 1
www.SixDayWeekend.com
Free Training Videos reveal how I make 6 figures while travelling the world
 
PremiumMember
chatyak86
Posts: 1369
Joined: 17 Jun 06
Trust:
What do you mean the ads come from Itotalfind.... does it say "Ads by Itotalfind" or are just the adsense ads directing to Itotalfind? It doesn't matter what site google chooses to show in the adsense ad, you are still getting paid per click aren't you?

Adrian,
  • 1
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
Adrian -
As I previously stated - the ads are from iTotalFind - they say so.
and Google have replied to me, in an email, that they have not authorised iTotalFind to use their code.

I discussed with Google what we found, did and suspected (malware resided on the computer and redirected Google Adsense code for iTotalFind) here's their reply :

Note I have included their ticket number and all ID's as well, as proof this is genuine:

------------------------------------------------------------------------------------

Hello David,

Thank you for your response. I'm glad to hear that you've come to the same
conclusion, and please know that the additional information you've
provided us is very helpful.

Sincerely,

Diane
The Google AdSense Team

Original Message Follows:
------------------------
From: "David Hilton-Bright" <mimenta@gmail.com>
Subject: Re: [#96461690] Possible Adsense code piracy Violation by
iTotalFind
Date: Fri, 29 Dec 2006 12:55:38 +1100
----------------------------------------------------------------------------------

So for the record -

We are not the only PC to find this - other security forum discussions exist with people asking how to remove this. (Try Google = iTotalFind)

Your Google Adsense (and Yahoo equivalent) ads do not appear on your website or pages when viewed on an infected computer.

You get infected through an email - most likely to do with making money on line - so carefull read the EULA's before you accept - for some reference to adding some code or cookie or code changer to you computer.

The ads are replaced by iTotalFind ads - here's part of the screendump:


You don't get paid for the use of your site space.
You don't get paid for any clicks
You don't get paid for 1000 impressions either.

While iTotalFind charge advertisers for placement and clicks and cost per 100 impressions.

All I can say is rest assured Goodle is onto it and is pi##ed off. While we see a small income upset, they are looking at millions of lost revenue and won't take this lying down.
  • 1
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
I have just been over all my comments and I am concerned they look like scare mongering - there's no need for panic.

Only ads are effected on infected computers. A level of replication is reached then halts, so no harm elswhere on these computers.

We could solve the problem with a reinstall but are persisting to see if we can beat it and thereby find a fix. Assisting us are the top Linux, Google and security folks I know as a computer veteran. A solution will come up - its a matter of when.

Let's get it in perspective - we are talking about only one computer being infected - not all google ads on all computers.

On the security sites the avatars (guru's) are spewing the usual fixes - which indicates there have been too few reports to raise hell yet and be taken seriously- so we estimate infection is less than .001% on machines (rough estimate only - not accurate because many people wouldn't notice the infection).

The infection has come from some file that was opted in and opened - not simply opening an email, so infection will be spread slowly compared to your usual malware.

Google is fully aware of the problem and has already started to react.

I am continuing to lodge Google Adsense on my own site www.mimenta.com and this has opened my eyes to Google and how helpful and responsive they have been. (Nothing from iTotalFind yet)

I refuse to let some jumped up black hat scamming highschool drop out ruin what is going to be a prosperous year for us - Adsense is only one portion of what Mark is using for monetizing - bring it on!
  • 1
PremiumMember
chatyak86
Posts: 1369
Joined: 17 Jun 06
Trust:
Administrative Contact: ItotalFind

152 W. Wisconsin Av, Suite 709
Milwaukee, Wisconsin 53203
United States
(414)271-9530



Adrian,
  • 1
cdidcott
Posts: 105
Joined: 23 Aug 06
Trust:
I hope they enjoyed putting one over on Google coz it won't last very long.

The knowledge and effort needed to do such a thing in comparison to the amount they will get from it, with the possibility of being caught and prosecuted, does make me wonder why they bothered.
  • 1
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
My partner (with the iTotalFind infected computer) wants to add Adsense to her site.

Of course she can't do it on her (infected) computer because she won't see the ads. Could she add them to her site, using my computer and her adsense account details?

The IP address will be different - will that matter to Google, as long as the account details are hers?

On the iTotalFind front - we have searched the internet - no-one knows how to remove it. We have found records of infections dating back to Feb 2005. I suspect we'll have to reformat the drives and re-install everything.

The ironic thing is that we share and swap files between the computers all the time and mine isn't infected. Probably the fact I always surf the net using SuSE (Linux) with Firefox rather than Windows (because it's smoother and faster), saved me being infected too.
  • 1
cdidcott
Posts: 105
Joined: 23 Aug 06
Trust:
cdidcott wrote:I hope they enjoyed putting one over on Google coz it won't last very long.

The knowledge and effort needed to do such a thing in comparison to the amount they will get from it, with the possibility of being caught and prosecuted, does make me wonder why they bothered.


Feb 2005. My gosh!!!

I retract my entire statement.
  • 1
Site Admin
markling
Posts: 2489
Joined: 13 Jun 06
Trust:
It doesn't matter which computer you use to add the Adsense to a website, so long as the account details are hers. The malware doesn't affect the script on the server level, it just hijacks it on the display computer, so there's no problem modifying the HTML (adding the Adsense script) on the infected machine. The problem is that she won't be able to see the ads -- as you've already figured.

What a drama! I'll be interested to see what Google does about this.

Regards,
Mark
  • 1
Limited time special - Try Affilorama Premium for just $1 for 7 days: http://www.affilorama.com/premium
 
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
Yes I thought that might be the case. I'll have to reinstall Windows to remove the Malware.

We have had no word from iTotalFind at all and have sent several emails (all of which have been receipted) asking for advice on how to remove their hijacking software.

Searching the net we cannot find any cases where there has been a fix other than reinstalling Windows and losing all your links to existing software on your system.

I have located the malware code twice under different names and removed it but it pings an outside site and reinstalls than clones under different file names.

Frankly I can't be bothered with them - I need to make some money now - we just bought a house. There's more important stuff to do.
  • 1
Site Admin
markling
Posts: 2489
Joined: 13 Jun 06
Trust:
Right you are. It seems like this is more damaging because it's frustrating and draining your energy, rather than actually affecting your business. It's the same problem with a lot of things. You can try to do something about it to get it sorted quickly, but if you can't get it sorted quickly, try to put it aside and move on.

All the best,
Mark
  • 1
Limited time special - Try Affilorama Premium for just $1 for 7 days: http://www.affilorama.com/premium
 
PremiumMember
mimenta
Posts: 86
Joined: 11 Dec 06
Trust:
Thanks Mark
Seems building an Affiliate Marketing business has 2 perils - distractions and distractions.

Either someone has a newer and better idea which will be replaced by an even newer-newer and better-better idea before you can finish doing it or you get parasites like iTotalfind sucking your energy and attention away, wasting you time looking for a solution to a minor problem.

I will sent an email to Google, telling them that iTotalFind has received my emailed req, for two reasons:

This will give Google the legal verification that iTotalFind is deliberately and willfully harming their business (through failing to rectify the problem) and the final condition that defines iTotalFind's code as malicious. That means Google can legally sue iTotalFind.

And also notify Google that once infected, the code is un-removable. If they thought that these 'infections' were temporary and someone will regain Google Ads once they do a Malware scan - they will know otherwise.

Effectively Google (and Yahoo) needs to realise that any computer 'infected' by iTotalFind's 'hijackware' is a perminently lost customer.

Here's hoping Google wake up before they lose their market share.
  • 1