Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Major Ad Networks Found Serving Malware

Posted by samzenpus on from the wanna-buy-a-virus? dept.

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."

9 of 330 comments (clear)

  1. Noscript wins again by wizardforce · · Score: 5, Insightful

    One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot allowing a few ads to load occasionally; doubleclick just isn't trustworthy enough to allow that.

    --
    Sigs are too short to say anything truly profound so read the above post instead.
    1. Re:Noscript wins again by cappp · · Score: 5, Insightful

      And this is why I blanket block all ads on all sites. It's an incrediably blunt instrument, but its the only way to avoid this kind of thing apparantly.

      What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines, but I just can't justify exposing myself to whatever that week's ad-based crazy shit danger happens to be. It's similar to how I feel about porn sites - the responsible part of my wants to subscribe and send them a little cash for the assistance rendered by their presentation of jiggly bits being jiggly...but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

      So now I find myself chosing between doing that right thing - supporting the services I use - and the secure thing. And as it happens, the secure thing wins out.

    2. Re:Noscript wins again by oobayly · · Score: 4, Insightful

      Well I thought I was running a properly configured box. Everything up to date, not using IE etc. Clicked on a link and got a Google warning about the sit. Fine I thought, I'll use the get me out of here button and suddenly I'm being bombarded by AV warnings. Noticed a Java console icon in the Systray, so that was how it arrived. What was unbelievable was that within seconds every HTML doc was infected with fucking vbscript.
      I gave up on windows for home use there and then and now use Linux full time (instead of occasionally), and just windows for .net stuff.
      As an aside, time to install Ubuntu, about 40 minutes. Time to install XP (from slipstreamed SP3 CD), half a fucking day including a call to India to ask for an OEM number that fucking worked. None of the driver bullshit either.

    3. Re:Noscript wins again by Ecuador · · Score: 5, Insightful

      You are not bad on the insulting department. Not great on the how things work department though, but with that attitude you can't possibly be helped.

      Just so we are clear, originally I did not think you were dumb. My tone was aiming to make it clear to you and to other people that debit cards are a bad idea regardless how well you think you have thought things through. In my second favorite forum (FW Finance) I have read so many stories about how people have gotten screwed, it is not even funny. For example, do you know that debit card transactions are processed by the end of the day in an order the Bank decides? What do you think will happen with a fraudulent charge the same day as a legit purchase? Also, did you know that normally a merchant asks for authorization before putting a charge through (and gets declined in your case if you don't have funds), but at least the VISA network also allows charges WITHOUT authorization (and think whether a fraudster will ask for authorization)? That was probably how I got a negative charge on an account that had no overdrawing and if you think a negative balance on your bank account does not mean that is your money missing, you are sadly mistaken.
        Anyway, I at least hope you don't use a really bad (customer-friendly-wise) bank (like, say, BofA).
      And to re-iterate, no, I did not think you were dumb, but you did come out as a douche with your second post.

      --
      Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  2. Re:Praise for adblock by Deathlizard · · Score: 4, Insightful

    Let em whine. I'm sorry, These ad firms put themselves into this mess.

    The day ad firms decided to allow advertisers to use Flash and JavaScript in their advertisements is the day I started blocking them. Seriously, What was wrong with simple images and text? Was the monkey way too easy to punch or something?

    --
    In Soviet Russia, Trojan exploits YOU!
  3. Computers are a dying breed by Anonymous Coward · · Score: 4, Insightful

    This is exactly why iPad type "computers" are the coming thing. Locked down in a walled garden and simple to use. Few people *really* need a 'real' computer when a small "device" will do everything they need.

  4. This is why we need to go back to.... by toygeek · · Score: 4, Insightful

    88x31 and 468x60 animated GIF's.

    I'm going to implement ad blocking at the router level at my house....

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
  5. Re:When the fuck will ad networks learn? by jimicus · · Score: 4, Insightful

    Your idea, while clever, isn't going to solve the problem. Javascript will just wind up being pulled in at the server side rather than through <script src="http://dooberidooberidoo....">

    The problem is a combination of idiot ideas concerning computer security. Read something like "The Six Dumbest Ideas in Computer History" some time - it's eye-opening and it explains a lot. In the case of web browsing and Javascript, you've essentially integrated four of those ideas into basic computer use.

    For those who haven't time to read the article, I'll summarise the idiot ideas that have made it into web browsing:

    1. Default Permit. Why on Earth is it the default for most web browsers to run every single little thing they download? It's completely insane - seriously, I can't think of a better way to transmit malware than to sit somebody at a computer and give them a nice easy way to download and automatically run every silly thing they can find, even if the only thing they will run is supposedly sandboxed.

    2. Enumerating Badness. We tell ourselves that it's OK to do this, as long as the end user (if they must run Windows at all) does so with half-decent AV installed. But AV works by keeping a list of "things that are bad" and blocking them all - you know how long that list is these days? You only need one thing to slip the net and your system's 0wned anyway. It's the computer equivalent of having sex with every disease-ridden cheap whore you can find working the streets and hoping to Christ the condom never breaks. The bad thing only needs to be lucky once, you need to be lucky every time.

    3. Penetrate and Patch. Today the issue is at the server end. Four days ago, the issue was in Firefox (latest release was on the 9th December, it fixes a number of security holes). Next week it might be in Adobe Reader or Chrome. Exactly when did it start making good sense to play whack-a-mole with security holes? You don't see them building high-security prisons out of temporary Portakabins and then tacking extra things on in a blind panic every time inmates escape, so why are so many pieces of software that are likely to be exposed to malware designed in exactly this way?

    4. Educating users. Telling people not to click blindly on every ad doesn't work, as anyone who's ever done serious amounts of user support can attest. You always have some people who will click on everything that appears on their PC, if education was going to fix that it would have stopped being a problem years ago. There's a damn good reason why larger companies frequently lock their PCs down so thoroughly they may as well be dumb terminals, and it's not because the IT department is run by a bunch of power-thirsty mini-hitlers. It's because it's the only way to stop the helpdesk being overrun with people ringing in to say "I clicked on this attachment and now I've got everyone complaining that I emailed them a virus. I didn't!".

  6. Re:I've seen stuff coming from MSN for quite somet by mlts · · Score: 5, Insightful

    One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.

    In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.

    To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.