Hackers Use Banner Ads on Major Sites to Hijack Your PC
The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you don't click on them. The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory.
CT: Link updated to original source instead of plagiarizer.
I use these exclusively, are there reports that this method gets by them? I know that if the ad is blocked, it isn't downloaded, but is that all it takes, download the ad and you have the virus?
/.
Sounds like a reason to just block all double-click items...
I don't enable flash/scripts on any page unless it is needed -- like scripts for
Sig? What's a Sig?
This is a good enough reason for ISPs concerned about security to block DoubleClick. You spam the net with bad referrals you get binned. Also think of the traffic that would get binned, way better than blocking p2p.
Do it for a month and DoubleClick and their ilk will be extra sure about not hosting bad stuff.
Right, we all use Adblock and the like. Yet, you can't force everyone in the vicinity to do so, there are lesser minds who opt for Opera, and there's even a tiny portion of giants on Links -- and let's not even mention how low SOME folks can fall.
I would say that adzapper (if you use squid) or a DNS-based blacklist is quite mandatory wherever you do have a say. Glancing at the logs of ISPs I have root at, roughly 1/4 of all freaking http requests go to lowlifes -- and even that based on my grossly incomplete list of ad/spyware/tracking scum.
Yeah, 25%. That's horrible.
And there are some customers dumb enough to complain if you do protect them from ads, so you can't do this in an ISP scenario. But in a company, school or family? Hell yeah, there's no reason for doubleclick.com to get through, ever.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
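An added example, not part of the comment above or of any poster's setup: one way to measure the share of proxy requests a domain blacklist would catch, using Squid's native access.log format. The blocklist entries and log lines are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed blocklist for illustration; a real one would be loaded from a file.
BLOCKLIST = {"doubleclick.net", "doubleclick.com", "tracker.example"}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1204000001.101 120 10.0.0.5 TCP_MISS/200 4512 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1204000001.350 310 10.0.0.5 TCP_MISS/200 9120 GET http://ad.doubleclick.net/adj/site;sz=728x90 - DIRECT/192.0.2.20 text/html
1204000001.400 45 10.0.0.5 TCP_HIT/200 2048 GET http://www.example.org/style.css - NONE/- text/css
1204000002.010 800 10.0.0.7 TCP_MISS/200 3900 CONNECT AD2.DoubleClick.com:443 - DIRECT/192.0.2.21 -
1204000002.500 90 10.0.0.7 TCP_MISS/200 1500 GET http://notdoubleclick.net/ - DIRECT/192.0.2.30 text/html
1204000003.020 95 10.0.0.8 TCP_MISS/200 1700 GET http://doubleclick.net.lookalike.example/x - DIRECT/192.0.2.31 text/html
1204000003.600 60 10.0.0.8 TCP_MISS/200 5200 GET http://news.example.com/story - DIRECT/192.0.2.40 text/html
1204000004.100 30 10.0.0.9 TCP_HIT/200 800 GET http://img.example.org/logo.png - NONE/- image/png
"""

def host_of(url):
    """Lower-cased host from a logged URL, or from host:port on CONNECT lines."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "host:port" as a network location
    return (urlsplit(url).hostname or "").rstrip(".")

def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is listed.

    Matching whole labels keeps "notdoubleclick.net" and
    "doubleclick.net.lookalike.example" from counting as hits.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocked_share(log_text, blocklist=BLOCKLIST):
    """Return (blocked, total, per-host counts) for the given log text."""
    total = hits = 0
    per_host = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        host = host_of(fields[6])
        if not host:
            continue
        total += 1
        if is_blocked(host, blocklist):
            hits += 1
            per_host[host] = per_host.get(host, 0) + 1
    return hits, total, per_host

if __name__ == "__main__":
    hits, total, per_host = blocked_share(SAMPLE_LOG)
    print(f"{hits}/{total} requests ({100 * hits / total:.0f}%) match the blocklist")
    for host, count in sorted(per_host.items()):
        print(f"  {count:4d}  {host}")
```
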
I'm pretty sure it does because I had to wait 30 seconds for any page of Slashdot's to render fully yesterday because Firefox was busy waiting for ad2.doubleclick.com or somesuch subdomain of theirs. The current page source certainly has doubleclicky ads.
Now, granted, the malware distributors typically tag ads for subjects not often seen on Slashdot (but I get them on, e.g., the Sinfest comic - huh, imagine that).
I'd say it's about time Doubleclick (that's you, Google, if you finally get to say you did indeed acquire it and everybody OK'd the deal.) gets held a little more responsible for this sort of thing being done through their network for which they collect money.
Even in a web page, someone can make an image that looks exactly like a default message box on your OS (which can be guessed from the User Agent string) and have every part of that image tied to malicious results.
btw, yeah, Ctrl-F4 is close for a window (like a message box) and Alt-F4 is close for an application or new browser window.
more of the same on Twitter.