Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Major Ad Networks Found Serving Malware

Posted by samzenpus on from the wanna-buy-a-virus? dept.

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."

9 of 330 comments (clear)

  1. Of course! by MadUndergrad · · Score: 4, Interesting

    What do you expect from a company called "Doubelclick"? I bet Googel tampers with their search results too.

  2. coulda told ya by Anonymous Coward · · Score: 2, Interesting

    I could have told you that. I narrowed down the issue to MSN/Hotmail a couple days ago and was advising users to stay away for as long as possible/use adblock/noscript.

    I've been dealing with removing this horseshit from end users pc's all week.

    Something interesting I noticed was the malware authors were amateurs- they forgot to setup the fake HDD defrag malware to run at boot on any other user profile besides the one that was infected.

    Made disinfection pretty easy...

  3. Re:Praise for adblock by Mashiki · · Score: 2, Interesting

    Queue people whining and crying that people are thieves and all that because they block ads. Sorry, but if you can't be sure you'll never serve malware. You'll never be allowed to serve ads which might infect my machine with something...nasty. Especially now that ransomware is starting to become the next trend.

    --
    Om, nomnomnom...
  4. Trust model by Inf0phreak · · Score: 5, Interesting

    The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.

    With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

    AdBlock doesn't just save you bandwidth and reduces the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
  5. Re:Noscript wins again by Jah-Wren+Ryel · · Score: 5, Interesting

    What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,

    Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.

    but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

    Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.

    --
    When information is power, privacy is freedom.
  6. Adblock is not that great a protection on its own by Anonymous Coward · · Score: 2, Interesting

    Seen a few people say they use Adblock and all, which is fine, but if you recognize that an ad-server can be compromised, then why not any other web server you visit? How many things are you going to block before it makes the web safe? So many all websites are useless? That's why I found NoScript more annoying than not. Too often I was just saying yes to so much it wasn't really that much more secure.

    Much better to have secure systems inside than walls trying to block everything.

  7. Re:Noscript wins again by CosmeticLobotamy · · Score: 4, Interesting

    A "push" credit card transaction would also solve those problems. Why is it that I can only pay for something by giving my entire credit balance to someone and trusting them to give me back everything but what their invoice says? Why can't I say, "Hey, MasterCard, give this guy $50." He gets an email, his automatic email-getting-password-sender-outer tells me how to get to his jiggly bits. ... I mean, the jiggly bits he has video of, not the ones between his pockets.

  8. Re:Noscript wins again by edgr · · Score: 3, Interesting

    Most of the big banks in Sweden allow you to create a temporary (virtual) credit card with a specified limit and expiry date. You type the credit limit and expiry in, push a button and it spits out a new mastercard number. At least one bank (Swedbank, one of the largest in Scandinavia) requires this kind of card for all online transactions.

  9. Re:I've seen stuff coming from MSN for quite somet by Archangel+Michael · · Score: 3, Interesting

    THIS is why class action lawsuits against the offending malware serving companies needs to be instituted, starting at the biggest baddest adware serving companies. If DoubleClick serves Malware, it is their responsibility and they need to be sued into oblivion.

    Take the profit out of serving ANYTHING to everyone, and start making it cost money, and you'll see the changes you want.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.