Feeds

Digital Spy fights second malware attack

Oops we did it again

Providing a secure and efficient Helpdesk

Updated Celebrity and TV gossip website Digital Spy has confirmed reports that its subscribers outside the UK have been exposed to malware. The latest reported outbreak follows an earlier malware infestation, later traced to tainted banner ads, that hit the site only six weeks ago.

Digital Spy is a high-traffic website frequented by surfers gorging on information about celebrity shenanigans and reality TV programmes. As with the previous attack, news that the site might be serving up malware surfaced via posts on Digital Spy's forum.

Subscribers reported warnings from their anti-virus scanner and hijacked connections, re-routing them via dating sites, among other examples of weird behaviour.

In response, Digital Spy issued a statement explaining that untoward content had been served up to US And Australian visitors but was now blocked. It said that the attack stemmed from an advertising exchange and was not confined to Digital Spy alone.

Our advertising operations team were able to successfully reproduce the issues raised by three of our visitors from America and Australia and put into place our new procedures to shut the malware-infected creatives down immediately.

We have been informed by our advertising exchange supplier that other websites operating in these territories experienced the same problem. This attack was, sadly, not confined to Digital Spy.

We are taking this incident, which did not affect our UK traffic, extremely seriously.

Digital Spy is a global website and our international business is very important to us. We expect the same guarantees of safety for UK and non-UK visitors alike and are appalled that despite the implementation of all practical safeguards within our own procedures - which resulted in a swift removal of the problem from our pages - a third party was able to attack us for a second time.

We are instituting a full review of our advertising arrangements and are engaging with the advertising industry, as a global publisher, to find a solution to this worldwide problem.

Attacks such as these have the potential to harm users, publishers and advertisers alike, damaging the internet's entire content delivery ecosystem. They must not be permitted to continue.

Digital Spy users were last exposed to malware via malicious banner ads that appeared in early June in an attack ultimately geared towards distributing rogue security software (AKA scareware). The site pledged to change its procedures following the incident. It's fair to say the site responded far more promptly to concerns in its forums this time around. Nonetheless, the latest incident still raises troubling questions about the overall security of the site. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.