The Next Ad You Click May Be a Virus
Jay notes a Wall Street Journal report about ad networks unintentionally selling empty space to malware loaders (the link is to a syndicating site that doesn't require a subscription to view). The submitter comments: "The labeling of the fake ad sellers as hackers is pretty bogus; there's no hacking involved. Simply sign up for one of these networks, create your fake site, put up another company's creative, and you're good to go." The incidents being reported go back a few months, but the pattern of this criminal activity seems to be coming clear only recently. "EWeek.com, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for LaCoste, the shirt maker. The retailer hadn't placed the ad — a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."
My coworkers and I have been dealing with AntiVirus XP and its variants for the past few months, and it seems to infect computers in exactly this way. Badvertisements. It's hardly a new phenomenon, but it's nice to see the press pick up on it. Better late than never.
Not clicking on banner ads isn't enough. For years I've been fine with letting any non-Flash banner ad through, but a few months ago I finally installed Adblock after finding one too many PDF exploits being loaded through banner ad display code.
It works like this: You are minding your own business browsing some perfectly legitimate web site when suddenly you get a dialog box asking if you would like to execute the JavaScript in "this PDF document". There's no PDF in sight, no other windows, nothing else suspicious.
Oh, but you only get this dialog if you have JavaScript disabled in Acrobat (most people don't).
You know, back in the good ol' days of yore, when the internet was young and so were we, we created a beautiful garden. We, the geeks, we came together and we built. We created flowerbeds and hacked away the weed so people could find a path through the wilderness, we invited other geeks to join us in our creation so they would maybe build something even greater on top of ours. We looked at it and saw it was stunning and beautiful, and we looked outside for the "others", the "mundanes", the average guy and we thought, wouldn't it be a great idea if they, too, could see how beautiful and magical it all is? Imagine, when we, a handful of geeks, can create such wonders, what miracles are waiting for us to see if we just let others join in the creation?
Sure, they were no gardeners, so we paved a few ways through our wonderland, lest they got their feet dirty on the muddy paths we used to walk on. And the people came. They came in, and they looked. Few wanted to create, actually, most just enjoyed the view (hey, how many gardening exhibits do you know where you can see exotic plants without having to pay admission?), some tried to plant but soon got fed up when they noticed they'd have to know a bit about gardening.
And of course, in came also the ones that find pleasure in destruction, who wanted nothing but to destroy the creations. We had to fence them in, we had to hire guards for our creations so they wouldn't get destroyed. Often enough, those guards were not good enough and quite a few beauties are no more.
Personally, I wonder if it was a good idea to unlock those doors and pave some ways.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is a good reason to block all ad sites at your corporate firewall. You'll probably cut your Internet bandwidth usage in half, too.
"Every liar, cheat, grifter is taking their shot at fucking up the sandbox we all play in."
You forgot greedy corporations, they arguably do more damage than the rest put together since they have the power, influence and money to really fuck it up for us mere mortals.
Our internet is still there.
Usenet, telnet, bash, text-based email, html without plugins, privoxy, linux. It's all still there. Leave the Flash ads and latest "screw you" schemes for the "consumers".
For What It's Worth, I don't know how anybody can stand it. I walked up to a Co-worker's Vista machine running IE and just about had a seizure as the endless barrage of blinking flashing running ads flew about his screen, occupying at least 2/3rds of the real estate. I don't know why the lusers even bother.
If my machines looked like that, I'd unplug them all and do something useful like cook for a living.
What's worse, even Google ads can potentially be infectious links.
The ads that inject JavaScript and/or exploit vulnerabilities in Adobe Flash, Acrobat, or Office when displayed are conceivably worse than ones that lead to a malicious page if you click them.
The article title could just as easily have been "The next Ad you see may be silently infecting you on sight".
What really needs to happen is, new advertisers need to get vetted extensively.
Advertisers should have to upload their banner imagery, and get it served by the trusted party (content provider or well-known ad servicing company), rather than get to remote-load content that can't be reviewed in advance and introduce unexpected cookies, javascript, etc.
And at least the first few times an ad is listed, there should be sporadic manual reviews by Google, et al, (whoever they advertise with) and thorough searches for malicious content...
Collect a huge deposit in advance of advertising, and have the contract written such that the deposit is forfeit, if there is evidence of malicious code, drive-by download, exploit attempts, attempted worm, or attempted offering of spyware applications via the ad.
So I guess this was the case, back in the day. I remember those days, even though I was a wee one. But after installing a new system from scratch, customizing Firefox is one of the many arduous tasks that must be done (sure, it's as easy as just copying your ~/, but it still has to be done).
So I said forget it and just went along my way without doing it once and a couple months later, I still haven't installed it. Times have changed - now the only ads that I see are nothing like the ones of old. And you know what? I like it this way cause you know, if I see the ad of a company that I don't like (hint: it rhymes with Shmicrosoft), I click it knowing that said company will lose a couple fractions of a cent. And all feels good in the world.
I have left slashdot and am now on Soylent News. FUCK YOU DICE.
In that hypothetical situation I'd agree that malware writers would all suddenly focus their efforts towards Apple and Linux, but the success rate would be limited. Both are built to be secure.
Apple have a small number of setups that a malware writer can rely on being there to target. Apple also like to keep any security (and anything else for that matter) issues secret until they have a fix, so there's potential for exploitation there. Many of their users are also of the mindset that they are different from "PCs" even though they run a PC too, that malware is a Windows problem, so they won't do anything to protect themselves from it.
Linux is by far a small and very fast moving target to hit. Each Linux distro has a different choice of software installed by default, slightly modified versions of software in their repositories and an army of people looking over the code before it reaches the end user. I see the most likely source of malware on Linux (when it starts) will be in closed source plugins for apps like Firefox. Flash Player has proven a weak point before, on all platforms.
Eventually, both Linux and OSX will start to see malware, but it won't be anywhere near as bad as Windows is. Windows is a once-in-a-lifetime fuck-up that others have seen and nobody has been stupid enough to emulate.
Look at the variety of OSes doing the rounds, they're ALL based on *nix. Whether it's a fully free and open source path, or a proprietary code bolted on. EVERY current OS in existence apart from Windows is *nix based to some degree, and which has 100% of the market share it really doesn't want? Windows. That tells its own story. Feel free to convince yourself that things would be different and that Windows is no worse, or no more vulnerable than others. Repeat it enough and you might start believing it; it still won't make it any more true.
Editor's Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine.
It's nearly 600kB. I don't think it's going to be nice to use.
Also, wouldn't redirecting them to an invalid IP, say 0.0.0.0, work better than localhost?
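The rewrite asked about in the last comment, as an added example that is not part of the thread: it parses a blocklist-style HOSTS file, points loopback block entries at 0.0.0.0, drops comments and duplicate hosts, and reports the size before and after. The sample file, the `KEEP_LOCAL` set and the function name are constructed for this example.

```python
import ipaddress

# Names that must keep resolving to loopback (assumed set for this example).
KEEP_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample, not a real blocklist; domains use reserved example names.
SAMPLE = """\
# ad-blocking hosts file (constructed)
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.com   # banner server
127.0.0.1 ADS.example.com
127.0.0.1 track.example.net cdn.ads.example.org
0.0.0.0 popups.example.com
192.0.2.10 intranet.example.test
not-an-ip broken.example.com
"""

def normalize_hosts(text, sink="0.0.0.0"):
    """Return (new_text, stats) with every block entry pointed at `sink`."""
    block_addrs = LOOPBACK | {sink}
    out, seen = [], set()
    stats = {"rewritten": 0, "duplicates": 0, "kept": 0, "invalid": 0}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            stats["invalid"] += 1               # malformed line: leave it out
            continue
        for name in names:
            if name in KEEP_LOCAL or addr not in block_addrs:
                out.append(f"{addr} {name}")    # genuine mapping, keep as is
                stats["kept"] += 1
            elif name in seen:
                stats["duplicates"] += 1        # same host blocked twice
            else:
                seen.add(name)
                stats["rewritten"] += addr != sink
                out.append(f"{sink} {name}")
    new_text = "\n".join(out) + "\n"
    stats["bytes_in"], stats["bytes_out"] = len(text.encode()), len(new_text.encode())
    return new_text, stats

if __name__ == "__main__":
    text, stats = normalize_hosts(SAMPLE)
    print(text, stats, sep="")
```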