'Malvertizement' epidemic visits house of Newsweek.com
Symptoms felt 'all over the net'
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.
The malicious ads have been appearing on Newsweek's website via feeds that carry the Washingtonpost.com address, according to this post on the Bluetack Internet Security Solutions site. The ads redirect users to a site that falsely claims users' PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange.
A spokeswoman for the Washington Post referred calls to a Newsweek representative. The representative had not returned a phone call by time of writing.
Newsweek joins a growing list of name-brand websites accused of exposing its readers to dangerous ads. Last week, we reported on a new breed of ad that used malicious Adobe Flash code to hijack the clipboard of users' PCs. MSNBC.com, Digg.com and other websites were said to be running the abusive ads.
"It worries me that I am seeing complaints about malvertizing-like symptoms all over the net implicating - not only Newsweek, but at other big name sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo," Sandi Hardmeier, of the Spyware Sucks blog wrote here. Hardmeier said the ads are extremely hard to spot because they can sit dormant for days before the attacks begin. The use of multiple affiliates to buy and sell online ads also makes it hard for sales staff at established websites to separate legitimate ads from those that are designed to defraud or attack.
If you've witnessed such ads, please leave a comment below, and be sure to provide as much detail as possible about the offending banner.
In many of the recent cases, the malvertizements were created using a popular ad package known as Fuse Kit. Hardmeier recommends in-house ad personnel apply extra scrutiny to graphics that were created using the program. Hardmeier also recommends checking out the credentials of anyone looking to run advertising banners, including their phone number, physical address and credit.
"Take a close look at their websites - who hosts them, who shares their IP address, who shares their mail server and their name server," she adds. "Write to people such as myself and ask for advice and guidance."
There are other tell-tale signs to look for. For example, in the case of Newsweek, the offending ads included the address adoptserver.info, which Hardmeier claims is a "known bad actor." Any graphic that points to the domain name should immediately be suspended. ®
COMMENTS
Our company has fallen
At least three of our users have gotten various malware from exactly this.
I just recommended the Adblock + and Noscript add-ons for firefox, but unfortunately only the technically aware use firefox habitually.
Fingers crossed this will learn 'em good.
Do people want to see ads?
I don't. Ever.
Adblock here too --- and flashblock so I can decide not to see some other annoying stuff too.
Confused
> If you've witnessed such ads, please leave a comment below.
There's no way to tell as far as I can see.
Surely I'd need to click it in order to realize it's a mal-ad, no?
Unless you mean there are people who actually click ads on web pages?? weird.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
