Online ads are an avenue for viruses

17 March 2010

Researchers at Alwil Software, the company behind the popular Avast IT security software, say that portals such as Fox Audience Network and Yahoo are topping the firm's lists of compromised online ad servers and potentially infecting internet users.

The problem of malware-infected adverts – which are often loaded from external databases – has been well documented in the internet industry, but Alwil says that the problem is now spreading to Google ad serving platforms as well.

The rising problem, the IT security vendor claims, is down to negligence and poor security on the part of the major online advertising agents.

Alwil says that the infected adverts end up infecting innocent users who visit leading websites such as Google and Yahoo.

And, the firm adds, because the most compromised services are Yieldmanager.com (part of Yahoo) and fimserve.com (part of Fox Audience Network), more than 50% of online ads could be affected.

The researchers also claim that the list of poisoned ad services is quite extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com.

Jiri Sejtko, senior virus analyst with Alwil, said that the poisoned ad infiltration method is growing in popularity because it does not require users to click on anything. "Users can get infected just by reading their favourite (online) newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser", he said.

Avast Virus Labs is marking the attack methodology as JS:Prontexi, noting that it is JavaScript attack code that acts as a channel for malware attacks on vulnerable software such as Adobe and a range of other zero-day exploits.

"JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing", said Sejtko.

"Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware", he added.

According to Sejtko, consumers should not immediately accuse their antivirus program of a false positive when a familiar site gets blocked.

There can be a real danger, he explained, as Avast and Kaspersky both blocked yieldmanager earlier this year because of these attacks.

And, he warned, if these advertising services get too infected, the easiest way to protect users is to block them completely.

This article is featured in:
Malware and Hardware Security

 

Comments

lizkulin says:

22 March 2010
I would like to clarify that ZEDO is not a "poisoned ad service". ZEDO enables internet publishers to serve advertisements on their webpages, and actually fines customers who use the internet to spread viruses. We believe that it is critical for internet users to know that their web surfing is tracked by their browser via "browser cookies," which are tiny bits of text that get stored on your computer, by your web browser, when you visit websites. It is true that cookies do log information about some of your online habits, but they do not steal personal information, or share personal information, or enable viruses to invade your computer.

Ad servers like ZEDO assign your browser a cookie and use the text file to determine which ads to show you, in an effort to better your online experience. Learn more by reading our “Cookies can be good for you!” blog entry at http://blog.zedo.com/.

We respect all users who wish not to participate in this environment, and provide clear opt-out directions on our website at this link: http://www.zedo.com/company/optout.htm.

Liz Kulin
Marketing Manager
www.zedo.com
