Feeds

'Malvertizement' epidemic visits house of Newsweek.com

Symptoms felt 'all over the net'

SANS - Survey on application security programs

Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.

The malicious ads have been appearing on Newsweek's website via feeds that carry the Washingtonpost.com address, according to this post on the Bluetack Internet Security Solutions site. The ads redirect users to a site that falsely claims users' PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange.

A spokeswoman for the Washington Post referred calls to a Newsweek representative. The representative had not returned a phone call by time of writing.

Newsweek joins a growing list of name-brand websites accused of exposing its readers to dangerous ads. Last week, we reported on a new breed of ad that used malicious Adobe Flash code to hijack the clipboard of users' PCs. MSNBC.com, Digg.com and other websites were said to be running the abusive ads.

"It worries me that I am seeing complaints about malvertizing-like symptoms all over the net implicating - not only Newsweek, but at other big name sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo," Sandi Hardmeier, of the Spyware Sucks blog wrote here. Hardmeier said the ads are extremely hard to spot because they can sit dormant for days before the attacks begin. The use of multiple affiliates to buy and sell online ads also makes it hard for sales staff at established websites to separate legitimate ads from those that are designed to defraud or attack.

If you've witnessed such ads, please leave a comment below, and be sure to provide as much detail as possible about the offending banner.

In many of the recent cases, the malvertizements were created using a popular ad package known as Fuse Kit. Hardmeier recommends in-house ad personnel apply extra scrutiny to graphics that were created using the program. Hardmeier also recommends checking out the credentials of anyone looking to run advertising banners, including their phone number, physical address and credit.

"Take a close look at their websites - who hosts them, who shares their IP address, who shares their mail server and their name server," she adds. "Write to people such as myself and ask for advice and guidance."

There are other tell-tale signs to look for. For example, in the case of Newsweek, the offending ads included the address adoptserver.info, which Hardmeier claims is a "known bad actor." Any graphic that points to the domain name should immediately be suspended. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.