Ads by TechWords

See your link here
Receive the latest technology news and information.
Application/Web Development
Web Site Management
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Drudge, other sites flooded with malicious ads

September 23, 2009 09:16 PM ET

Active Comments
Anonymous says: "In tests, ScanSafe found that only 3 out of 41 antivirus vendors detected the malware." Who were the 3 out...
Anonymous says: Obviously, these "advertising networks" are absolutely incapable of policing themselves. The only answer is blocking all advertising completely (this site,...


IDG News Service - Criminals flooded several online ad networks with malicious advertisements over the weekend, causing popular Web sites such as the Drudge Report, Horoscope.com and Lyrics.com to inadvertently attack their readers, a security company said Wednesday.

The trouble started on Saturday, when the criminals somehow placed the malicious ads on networks managed by Google's DoubleClick, as well as two others: YieldManager and ValueClick's Fastclick network, according to Mary Landesman, a senior security researcher with ScanSafe.

The attack comes just a week after the New York Times Web site was tricked into displaying a deceptive 'scareware' advertisement for fake antivirus software from scammers pretending to be ad buyers with Vonage, an Internet telephony company.

Instead of trying to trick Web surfers into buying bogus software, these ads attacked.

They would pop up a nearly invisible window in the victim's browser that contained a maliciously encoded pdf document, which included attack code that placed a variant of the Win32/Alureon Trojan horse program on the victim's computer. Sometimes, the ads would also try to exploit a previously patched flaw in Microsoft's DirectShow software, Landesman said.

"The user would have seen a very brief opening of a blank pdf window and it would be at the bottom portion of their screen," she said. The Alureon Trojan is known to download additional malware and often hijack victims' search results, she said.

The pdf attacks apparently only affected victims with out-of-date versions of Adobe's Reader or Acrobat software, she added.

Between Saturday and Monday, the ads accounted for 11 percent of all Web pages blocked by ScanSafe's Web filtering software, a sign that many people were being presented with the malicious ads. And because the pdf pages were modified slightly every time they were displayed, most antivirus products didn't detect them.

In tests, ScanSafe found that only 3 out of 41 antivirus vendors detected the malware.

"To be honest, they were pretty clever in the way they carried this out," Landesman said. "They managed to infiltrate sites that enjoy very good traffic and they were able to use a mechanism for creating this pdf that caused it to be nearly completely undetected."

This is not the first time Google's DoubleClick has been associated with this type of malicious advertising. Earlier this year criminals placed similar ads on the home page of technology trade magazine eWeek, whose ads were managed by DoubleClick.


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

the Drudge Report

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Case Study: Live Nation and Citrix NetScaler
When Live Nation spun off from Clear Channel Communications it urgently needed to consolidate nearly 100 different Web sites.  

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs