Bidding on Fear: The SuperFish Vulnerability and Paid Search

Jennie Scholick Apr 21, 2015

As you probably know by now, here at BrandVerity, we don’t have a lot of patience for malware and adware, particularly when advertisers bundle it with free versions of popular software. We were thus quite pleased when Google recently announced some changes to how they treat download sites in Paid Search.

But if we’re already lacking in patience for the download sites who target average web users, we have even less for sites that attempt to take advantage of already vulnerable users.

SuperFish Adware Scandal

The SuperFish adware debacle was big news in late February and early March. To make a long story short, many Lenovo PCs were coming pre-installed with malware made by SuperFish. Intended to serve targeted ads to users, it did so by allowing SuperFish or any enterprising hacker both to view a user’s encrypted browser traffic and to spoof encrypted websites.

Even the Department of Homeland Security chimed in, recommending users remove the adware from their computers.

Targeting the Vulnerable

Over the past month, we ran some monitoring on a variety of SuperFish-related keywords such as “Superfish lenovo,” “Superfish removal tool,” and “Superfish malware removal.”

All sorts of interesting things turned up, but I’m going to point out two today.

Class Action Lawsuits

One of the largest groups of advertisers that showed up in the paid search results for Superfish-related terms was class action attorneys.

“Ambulance chaser” lawyers often pop up around these kinds of events, but it was interesting to see how aggressively a few firms were targeting this one. Of particular interest was how many created Superfish-branded landing pages for these search ads. They would usually link to some information about the Superfish vulnerability and then prominently display a lead form. These ads were decidedly not directing users to the law firm’s main website, nor were they directing users to useful information about how to get the software off their machines.

While it perhaps shouldn’t be surprising that law firms bid on these kinds of search terms, it was interesting to see how organized these outreach efforts were, how quickly they jumped on the issue, and how long these ads ran. We’ll also be interested to see if any lawsuits do come out of the issue.

Download Sites

But while law firms occupied a lot of the SERP’s geography, the largest proportion of ads was for download sites offering anti-virus and spyware detection software. While many of these sites were promoting legitimate anti-virus software, others looked decidedly more suspect--particularly the one whose title read “Superfish Virus” and offered an internet speed detection toolbar. We’ve provided a few representative ads.

Some of these ads were affiliates providing downloads to helpful (and less helpful) software, some were toolbar sites looking for susceptible users, and some were just trying to capitalize on a news event and get their name in front of some consumers. Regardless, all of them were targeting already vulnerable people looking for a solution to a very real threat.

We’re certainly not trying to say that anti-virus or malware detection platforms shouldn’t use a news event like Superfish to advertise their products, but it is a reminder that these kinds of events also reveal a lot of people who don’t have the user’s best interest at heart. As with more innocuous events like the Oscars, an event like the Superfish debacle brings a lot of advertisers out of the woodwork--both good and bad. We think it’s unfortunate that these kinds of sites are targeting already vulnerable and compromised users and hope that Google’s pending updates to their policies will cut down on these sorts of actions.


Major news events provide a big opportunity for advertisers to promote their offerings--this isn’t new information. But it is interesting to see who exactly is trying to capitalize on this kind of security breach. We can only hope that people searching for solutions to the SuperFish vulnerability didn’t end up with even worse adware or malware on their computers.

Have you seen these kinds of ads? What are your thoughts? Leave a comment below or contact us at BrandVerity!
