Publishers thrown curveball by rogue security banners
vnunet.com, 15 Nov 2007
A group peddling rogue antivirus software has duped several major websites into serving users with unwanted downloads.
Major League Baseball's MLB.com, the National Hockey League's NHL.com, and the website for business magazine The Economist have all fallen victim.
Security researcher Roger Thompson from Exploit Prevention Labs demonstrated the ads, which have since been removed, in a video hosted on YouTube.
The video shows the advertisements 'hijacking' the browser to direct the user away from the original site and attempt to perform an unsolicited software download and installation.
The ads use a tactic known as 'scan and scare'. The user is offered a free system scan which returns misleading results in an attempt to scare the user into paying for the software.
'Scan and scare' is a favourite among rogue security vendors that sell intentionally ineffective or malicious security software.
The ads were first believed to be coming from the DoubleClick network, although the company has since been cleared of any blame.
Researchers claim that the sites were contacted directly by the advertisers, who then managed the ads through DoubleClick's Dart ad-serving system.
The malicious Flash files contain code which redirects traffic from the host, past DoubleClick's servers and to a site which tries to serve the unwanted download.
DoubleClick said in a statement provided to vnunet.com that it is updating its system to track down and remove the malicious ads.
"Unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware," said the company. "We are going to continue to take proactive and reactive steps."
DoubleClick recommends that publishers carefully research prospective advertisers and keep a close eye on the behaviour of banner ads.
DoubleClick is hardly alone in the struggle to block out malicious and intrusive ads. Ad vendors and researchers have long warned that rogue security vendors use so-called 'bait and switch' techniques to swap out normal ads with malicious files.
This has resulted in an ongoing cat-and-mouse game in which malware vendors adopt new techniques to stay ahead of the screening systems used by the advertising networks.
An oldie but a goldie
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Open Text chief predicts more consolidation in ECM market
We ask the BlackBerry maker's head of security what CIOs...
Do you agree?
Have your say on this article