Last night, I noticed some strange behavior from one of my sites that uses AdSense. In Internet Explorer, the site started asking me to install some plugins from google-adservice.com. Naturally, I declined, but the install message came right back. Eventually I had to kill the process to close the browser.
This morning, I opened the same site in Chrome, and was immediately greeted with this:
"Warning: Visiting this site may harm your computer!
The website at oracle-dev.appspot.com contains elements from the site google-adservice.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for google-adservice.com.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer. "
My first suspiction was that something else was running on that page and impersonating AdSense, but no. There's only one script include on that page, and it points to pagead2.googlesyndication.com. It seems that somebody has found a way to push out some arbitrary script through AdSense.
I did some digging around to see who else has been having this problem, and what Google was doing about it. Nothing, it seems. In fact, I only found one thread about it. But
that one thread
is filled with real people that are seeing the same thing.
I suspect this is an actual exploit.
Here is another thread
discussing the issue.
Discuss on hacker news