Google DoubleClick malicious ad warning
p2pnet news view Security | Advertising:- “Websense Security Labs ThreatSeeker Network has discovered that the eWeek.com Web site is serving malicious advertisements (malvertisements) to visitors,” it said.
Advertising company Google is dangerous and not to be trusted: that we know.
With that in kind, Google’s DoubleClick ad network was, “once again been caught distributing malicious banner displays, this time on the home page of eWeek,” as The Register put it.
“Unsuspecting end users who browse the Ziff Davis Enterprise Holdings-owned site were presented with malvertisements with invisible iframes that redirect them to attack websites, according to researchers at Websense,” it said.
“The redirects use one of two methods to infect users with malware, including rogue anti-virus software.”
eWeek promises the bug, Anti-Virus-1, has been eradicated.
“Attackers inserted malware into ads in an apparent attempt to get users to download rogue anti-virus software, eWEEK finds,” eWeek stated, going on »»»
The malware authors attempted to exploit a patched vulnerability affecting Adobe Acrobat and Reader that is unrelated to recent security reports of a zero-day bug. eWEEK.com and other Ziff Davis Enterprise sites were affected, though the ads were taken down shortly after the situation was discovered and the site is now clean.
Attackers infected some advertisements on the eWEEK.com Web site Feb. 23 in an apparent attempt to get readers to download a rogue anti-virus application. eWEEK has found the exploit and removed the infected code from its Web site.
Although the exploit involved a bug affecting Adobe Reader and Adobe Acrobat, it is not related to the zero-day Adobe bug publicized Feb. 20, and is detected by Symantec as ‘bloodhound.exploit.213.’
The infected code was found early Feb. 24 and the infected ads were removed from the eWEEK site within a short time. The eWEEK Web site is now working without any problems.
However, “Given DoubleClick’s tremendous reach, it’s possible the rogue ads have shown up on websites other than eWeek,” The Register has Dan Hubbard, vice president of security research at Websense, pointing out.
The story quotes a Google spokesman as promising: “Our scanners have found a few instances of these malware ads in the DoubleClick network. As such, we’ve added these domains to our malware list and are in the process of removing any offending ads from our ad network.”
How many is ‘a few’?
“He declined to say how long the attacks had been active, how many websites they affected or how the attackers were able to bypass Doubleclick’s defenses.”(Thanks, catflap)
malvertisements – eWeek Web Site Leads Users to Rogue Anti-Virus (AV) Application, February 24, 2009
The Register - Google’s DoubleClick spreads malicious ads (again), February 24, 2009
eWeek – Attackers Infect Ads with Old Adobe Vulnerability Exploit, February 24, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
February 27th, 2009 at 9:28 am
“He declined to say how… the attackers were able to bypass Doubleclick’s defenses.”
Doubleclick’s “defenses”?!
That’s an oxymoron!
February 28th, 2009 at 3:13 am
It showed up on deviantART, so that means something.