Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Major Ad Networks Found Serving Malware

Posted by samzenpus on from the wanna-buy-a-virus? dept.

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."

10 of 330 comments (clear)

  1. Noscript wins again by wizardforce · · Score: 5, Insightful

    One more example of why ad blocking has its security benefits. What's worse is that doubleclick and friends are used by pretty much every site out there including Slashdot. It's a shame that although a lot of people would be willing to support sites like Slashdot allowing a few ads to load occasionally; doubleclick just isn't trustworthy enough to allow that.

    --
    Sigs are too short to say anything truly profound so read the above post instead.
    1. Re:Noscript wins again by cappp · · Score: 5, Insightful

      And this is why I blanket block all ads on all sites. It's an incrediably blunt instrument, but its the only way to avoid this kind of thing apparantly.

      What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines, but I just can't justify exposing myself to whatever that week's ad-based crazy shit danger happens to be. It's similar to how I feel about porn sites - the responsible part of my wants to subscribe and send them a little cash for the assistance rendered by their presentation of jiggly bits being jiggly...but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

      So now I find myself chosing between doing that right thing - supporting the services I use - and the secure thing. And as it happens, the secure thing wins out.

    2. Re:Noscript wins again by Jah-Wren+Ryel · · Score: 5, Interesting

      What sucks is that I'd actually like to support the sites I frequently visit, and ad views clearly have a significant effect on their various bottom lines,

      Ad views have become the defacto micropayment system. If we had an alternative, sites wouldn't have to be dependent on privacy-invasive and security-breaking ad systems. I'm sure that many would anyway, but they would at least have other options.

      but that same responsible part is also well aware that any kind of commercial interaction with said pornographers has a suspicious way of going horribly wrong.

      Micropayments could solve that problem too - anonymous microcash would be almost completely immune to the kind of abuses that you are avoiding.

      --
      When information is power, privacy is freedom.
    3. Re:Noscript wins again by hairyfeet · · Score: 5, Informative

      As a PC repair guy with waaaay too many click happy customers I'd say your best bets in the free AV category are MS Essentials and Comodo AV. In my experience thanks to its auto sandboxing of all apps unless told otherwise Comodo is a little better protection, but of course as with most of the "smart" AVs it has a bit of a learning curve, and will ask you questions for about a week until you've launched all your daily apps. Nice thing is it has built in limited whitelists with core Windows system behaviors so it don't bug you when Windows is doing what it is supposed to be doing, like scheduled tasks. MS Essentials doesn't ask you squat and is pretty unobtrusive but I wouldn't recommend it for those that are click happy or go to dodgy sites because of its lack of sandboxing and registry virtualization so if anything does manage to get past it your borked. But it does have a good detection rate and is a hell of a lot less bloated and buggy than AVG.

      As for TFA this is why I install Firefox with ABP on every customer's PC and show them how easy it is to use. by having them block ads I've found their rates of return because of infection dropped by a good 80%. While I understand that sites like /. need to make money, having their PCs turned into a zombie or having their CC stolen by a keylogger simply makes ads too risky at this point in time. It is as I said that JavaScript is becoming just as big a vector of infection as ActiveX ever was. I'm sure that we'll look back in 5 to 10 years and go "WTF were we thinking?" with JavaScript just as we do with ActiveX now. Trusting third party code served up from some ad bunch with no control over content or risk is just a bad way for a site to do business. If they are gonna serve ads than maybe we should go back to simple text and picture ads which don't require code to run.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:Noscript wins again by Ecuador · · Score: 5, Informative

      You think that is smart eh? Oh, boy, are you in for a suprise!
      Using debit cards to be "safer" is the worst idea possible. All credit cards have fraud protection. If someone uses it fraudulently, as long as you catch it within a couple of months, you are not responsible for paying it. When you give your credit card number to someone you are giving access to your credit line, provided by your bank, not your money directly, and when they charge your card they won't draw money from you, they will post a charge for which they will get paid later by the bank and you will be asked to pay for it.
      Now, if you give your debit card, you are giving your bank account. A transaction draws money from your account immediately, good luck trying to reverse that later, I mean it is YOUR money gone, not the bank's money. Then, the fact that you don't have overdraft protection does not mean much. First of all you will have the bounce fee. Secondly, there have been many instances where banks go ahead and honor the overdrawing (it has happened to me once, they charged both the fee AND overdrew the account, it was either Wacovia or Chase...) and when you ask them about it they say "because you are a good customer our system allowed it".
      There are of course many other reasons for using a credit card. For example you get extended warranty (AMEX doubles 1-year warranties), cashback etc.
      If you want to be secure there are virtual account numbers that many CC provide. Some of them can be set with a pre-set limit. But be careful, similar to a bank account there are times where the bank will still honor going over the limit. The difference is, you will NOT have paid it with your money. You will receive a bill showing the fraud and you will file for it to be cleared. It has happened to me a couple of times and I shudder at the thought of that being my debit card...

      --
      Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    5. Re:Noscript wins again by Ecuador · · Score: 5, Insightful

      You are not bad on the insulting department. Not great on the how things work department though, but with that attitude you can't possibly be helped.

      Just so we are clear, originally I did not think you were dumb. My tone was aiming to make it clear to you and to other people that debit cards are a bad idea regardless how well you think you have thought things through. In my second favorite forum (FW Finance) I have read so many stories about how people have gotten screwed, it is not even funny. For example, do you know that debit card transactions are processed by the end of the day in an order the Bank decides? What do you think will happen with a fraudulent charge the same day as a legit purchase? Also, did you know that normally a merchant asks for authorization before putting a charge through (and gets declined in your case if you don't have funds), but at least the VISA network also allows charges WITHOUT authorization (and think whether a fraudster will ask for authorization)? That was probably how I got a negative charge on an account that had no overdrawing and if you think a negative balance on your bank account does not mean that is your money missing, you are sadly mistaken.
        Anyway, I at least hope you don't use a really bad (customer-friendly-wise) bank (like, say, BofA).
      And to re-iterate, no, I did not think you were dumb, but you did come out as a douche with your second post.

      --
      Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  2. Trust model by Inf0phreak · · Score: 5, Interesting

    The trust model of online advertising is in my opinion fundamentally broken. A big part of the security model of the web is domain-based - e.g. the same origin policy - but this goes down the drain with third party ads hosted on yet another third party's server.

    With online advertising it was for the first time possible to measure the effect of ad campaigns better than "how many saw it and did we sell more after it?" What did this bring us? "PUNCH THE MONKEY!", "LOOK AT THE BLINKING LIGHTS!", "BEEP BLOOP BEEEEEP!!!" and perhaps most insidiously it broke the domain-based model of trust on the web since everything had to be put on the advertising hosters' servers to deter click fraud and whatnot.

    AdBlock doesn't just save you bandwidth and reduces the annoyance of browsing the web, it is also one of the best tools for avoiding drive-by malware from ads.

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
  3. Re:is there anyone left NOT running adblock? by countertrolling · · Score: 5, Funny

    There really should be a license requirement for using computers on the internet

    No way! Next you'll be demanding sobriety checks. So let's just nip that dumb idea in the bud, shall we?

    --
    For justice, we must go to Don Corleone
  4. This drive by thingy everyone is talking about by Ismellpoop · · Score: 5, Funny

    well its bullshit every time an add tried to install something the package manager won't open them. Shit I've tried every distro out there and I still can't open them up. What am I doing wrong can someone please help me. I really want to see all these cool things the rest of the world is experiencing.

  5. Re:I've seen stuff coming from MSN for quite somet by mlts · · Score: 5, Insightful

    One of my honeypot VMs I use for Web browsing got hit by that when I was visiting a top named site.

    In my experience, now that a lot of users are not just running executables willy-nilly, compromised ad networks serving up malicious pages to try to compromise browsers or add-ons is the #1 threat in my book.

    To drive the point home, I use AdBlock on the main machine I use for Web browsing. I have yet to see a single script related to PC Antivirus. In reality, AdBlock provides more protection than most AV utilities, because once the Web browser is compromised, most AV utilities are completely useless in detecting and stopping that.