Feeds

'Malvertizement' epidemic visits house of Newsweek.com

Symptoms felt 'all over the net'

5 things you didn’t know about cloud backup

Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.

The malicious ads have been appearing on Newsweek's website via feeds that carry the Washingtonpost.com address, according to this post on the Bluetack Internet Security Solutions site. The ads redirect users to a site that falsely claims users' PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange.

A spokeswoman for the Washington Post referred calls to a Newsweek representative. The representative had not returned a phone call by time of writing.

Newsweek joins a growing list of name-brand websites accused of exposing its readers to dangerous ads. Last week, we reported on a new breed of ad that used malicious Adobe Flash code to hijack the clipboard of users' PCs. MSNBC.com, Digg.com and other websites were said to be running the abusive ads.

"It worries me that I am seeing complaints about malvertizing-like symptoms all over the net implicating - not only Newsweek, but at other big name sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo," Sandi Hardmeier, of the Spyware Sucks blog wrote here. Hardmeier said the ads are extremely hard to spot because they can sit dormant for days before the attacks begin. The use of multiple affiliates to buy and sell online ads also makes it hard for sales staff at established websites to separate legitimate ads from those that are designed to defraud or attack.

If you've witnessed such ads, please leave a comment below, and be sure to provide as much detail as possible about the offending banner.

In many of the recent cases, the malvertizements were created using a popular ad package known as Fuse Kit. Hardmeier recommends in-house ad personnel apply extra scrutiny to graphics that were created using the program. Hardmeier also recommends checking out the credentials of anyone looking to run advertising banners, including their phone number, physical address and credit.

"Take a close look at their websites - who hosts them, who shares their IP address, who shares their mail server and their name server," she adds. "Write to people such as myself and ask for advice and guidance."

There are other tell-tale signs to look for. For example, in the case of Newsweek, the offending ads included the address adoptserver.info, which Hardmeier claims is a "known bad actor." Any graphic that points to the domain name should immediately be suspended. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.