Feeds

Digital Spy fights second malware attack

Oops we did it again

High performance access to file storage

Updated Celebrity and TV gossip website Digital Spy has confirmed reports that its subscribers outside the UK have been exposed to malware. The latest reported outbreak follows an earlier malware infestation, later traced to tainted banner ads, that hit the site only six weeks ago.

Digital Spy is a high-traffic website frequented by surfers gorging on information about celebrity shenanigans and reality TV programmes. As with the previous attack, news that the site might be serving up malware surfaced via posts on Digital Spy's forum.

Subscribers reported warnings from their anti-virus scanner and hijacked connections, re-routing them via dating sites, among other examples of weird behaviour.

In response, Digital Spy issued a statement explaining that untoward content had been served up to US And Australian visitors but was now blocked. It said that the attack stemmed from an advertising exchange and was not confined to Digital Spy alone.

Our advertising operations team were able to successfully reproduce the issues raised by three of our visitors from America and Australia and put into place our new procedures to shut the malware-infected creatives down immediately.

We have been informed by our advertising exchange supplier that other websites operating in these territories experienced the same problem. This attack was, sadly, not confined to Digital Spy.

We are taking this incident, which did not affect our UK traffic, extremely seriously.

Digital Spy is a global website and our international business is very important to us. We expect the same guarantees of safety for UK and non-UK visitors alike and are appalled that despite the implementation of all practical safeguards within our own procedures - which resulted in a swift removal of the problem from our pages - a third party was able to attack us for a second time.

We are instituting a full review of our advertising arrangements and are engaging with the advertising industry, as a global publisher, to find a solution to this worldwide problem.

Attacks such as these have the potential to harm users, publishers and advertisers alike, damaging the internet's entire content delivery ecosystem. They must not be permitted to continue.

Digital Spy users were last exposed to malware via malicious banner ads that appeared in early June in an attack ultimately geared towards distributing rogue security software (AKA scareware). The site pledged to change its procedures following the incident. It's fair to say the site responded far more promptly to concerns in its forums this time around. Nonetheless, the latest incident still raises troubling questions about the overall security of the site. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.