Hackers Use Banner Ads on Major Sites to Hijack Your PC

The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you don't click on them.The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory." CT: Link updated to original source instead of plagerizer.

TFA = Site scraping?

The flibby link is identical to this Wired blog post by Betsy Schiffman, dated four days earlier.

Not exactly new

This has been going on since flash 8 was released with a vulnerability. I got hit by this about a year ago, maybe a little more.

  Suddenly windows security center, that I routinely turn off because I can't stand the nagging, started up and told me that my computer was insecure and that I should go to a certain website and buy their virus defender software.

Not very subtle to a savvy person like myself, but I imagine some people would fall for it.

The box also started throwing up connection error message boxes, presumably because my external firewall were blocking outgoing connection attempts. Again not subtle, but it's an uncommon setup for a home user.

Third, it must have rooted the box somehow because certain files became invisible. "test.exe" among them. Renaming a textfile to text.exe would make it disappear, and the folder would be unremovable. Cygwin came to the rescue there. Also I noticed only because I happened to have lots of little crap programs laying around.

The virus scanners did not pick up on this.

This is the only time I have actually contracted a virus. Needless to say I hosed the box (PING is not disk image). What I learned from the experience is that knowing your system is way more effective than a virus scanner, and B) don't trust flash which is how I got the damn thing. I thought I was safe with firefox.

Re:I only found these ads on....

[morgan_greywolf]

BTW these ads are not directly dangerous unless you are running on some old browser/old Windows system, but yes, they are annoying as hell. Um, wrong. Watch the video. The guy is running Windows XP SP 2.