Two Major Ad Networks Found Serving Malware
Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."
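The one-letter-off domain described in the summary is something an ad network can screen for when a new advertiser is onboarded. The following is an added example, not part of the original story or its comments: it compares a submitted domain against an allowlist of known partners by edit distance. The allowlist, the threshold of 2 and the sample inputs are assumptions constructed for illustration.

```python
# Added example: flag domains that are near-misses of known ad partners.
# The allowlist, threshold and sample submissions are constructed.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def normalize(domain: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def classify(domain, known, max_dist=2):
    """Return ('known', d), ('lookalike', partner) or ('unknown', None)."""
    d = normalize(domain)
    if d in known:
        return ("known", d)
    # Closest known partner; None when the allowlist is empty.
    best = min(known, key=lambda k: edit_distance(d, k), default=None)
    if best is not None and edit_distance(d, best) <= max_dist:
        return ("lookalike", best)   # hold for manual review
    return ("unknown", None)

KNOWN_PARTNERS = {"adshuffle.com", "example-ads.test"}  # constructed allowlist

if __name__ == "__main__":
    samples = ["ADShuffle.com", "ADShufffle.com",
               "www.adshufle.com", "unrelated-shop.test"]
    for submitted in samples:
        print(submitted, "->", classify(submitted, KNOWN_PARTNERS))
```

A "lookalike" verdict is a reason to hold the account for manual verification, not proof of fraud; short domains produce false positives at any fixed threshold.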
Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago. With that in mind, I can't say I'm really all that surprised that advertisers would be the source of ad/spy/malware...
Quote Story:
A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.
So, MSN was clueless. Google was merely slow to act.
Sig Battery depleted. Reverting to safe mode.
Cue.
As a PC repair guy with waaaay too many click happy customers I'd say your best bets in the free AV category are MS Essentials and Comodo AV. In my experience thanks to its auto sandboxing of all apps unless told otherwise Comodo is a little better protection, but of course as with most of the "smart" AVs it has a bit of a learning curve, and will ask you questions for about a week until you've launched all your daily apps. Nice thing is it has built in limited whitelists with core Windows system behaviors so it don't bug you when Windows is doing what it is supposed to be doing, like scheduled tasks. MS Essentials doesn't ask you squat and is pretty unobtrusive but I wouldn't recommend it for those that are click happy or go to dodgy sites because of its lack of sandboxing and registry virtualization so if anything does manage to get past it you're borked. But it does have a good detection rate and is a hell of a lot less bloated and buggy than AVG.
As for TFA this is why I install Firefox with ABP on every customer's PC and show them how easy it is to use. By having them block ads I've found their rates of return because of infection dropped by a good 80%. While I understand that sites like /. need to make money, having their PCs turned into a zombie or having their CC stolen by a keylogger simply makes ads too risky at this point in time. It is as I said that JavaScript is becoming just as big a vector of infection as ActiveX ever was. I'm sure that we'll look back in 5 to 10 years and go "WTF were we thinking?" with JavaScript just as we do with ActiveX now. Trusting third party code served up from some ad bunch with no control over content or risk is just a bad way for a site to do business. If they are gonna serve ads then maybe we should go back to simple text and picture ads which don't require code to run.
ACs don't waste your time replying, your posts are never seen by me.
You think that is smart eh? Oh, boy, are you in for a surprise!
Using debit cards to be "safer" is the worst idea possible. All credit cards have fraud protection. If someone uses it fraudulently, as long as you catch it within a couple of months, you are not responsible for paying it. When you give your credit card number to someone you are giving access to your credit line, provided by your bank, not your money directly, and when they charge your card they won't draw money from you, they will post a charge for which they will get paid later by the bank and you will be asked to pay for it.
Now, if you give your debit card, you are giving your bank account. A transaction draws money from your account immediately, good luck trying to reverse that later, I mean it is YOUR money gone, not the bank's money. Then, the fact that you don't have overdraft protection does not mean much. First of all you will have the bounce fee. Secondly, there have been many instances where banks go ahead and honor the overdrawing (it has happened to me once, they charged both the fee AND overdrew the account, it was either Wachovia or Chase...) and when you ask them about it they say "because you are a good customer our system allowed it".
There are of course many other reasons for using a credit card. For example you get extended warranty (AMEX doubles 1-year warranties), cashback etc.
If you want to be secure there are virtual account numbers that many CC provide. Some of them can be set with a pre-set limit. But be careful, similar to a bank account there are times where the bank will still honor going over the limit. The difference is, you will NOT have paid it with your money. You will receive a bill showing the fraud and you will file for it to be cleared. It has happened to me a couple of times and I shudder at the thought of that being my debit card...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS