Adverts on legitimate websites have been installing malware on victims' PCs for the last few days. All major online advertisement services have been affected. Visiting a site that uses any of the following services could potentially compromise your computer, with the end result being the installation of spyware and other unwelcome software:
Note the inclusion of Google's DoubleClick and GoogleAdServices services, as well as Yahoo!'s Yieldmanager service.
This situation, which highlights the risks involved when advertising companies sub-contract the content they distribute, has been reviewed by a number of security companies, including F-Secure and ALWIL Software (of Avast! anti-virus software fame).
F-Secure notes the chain of events that took one individual from a legitimate site to a fake anti-virus Trojan. In this example the advert traffic starts with Google's GoogleAdServices.com domain, moves through DoubleClick and Yieldmanager only to end up at a site hosting pharmaceutical goods and a link to the rogue anti-virus site. The following is F-Secure's initial analysis:
+++++("pharmacy" site that contains a link to a Rogue-hosting site)
++++++The Rogue-hosting site
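A chain like the one above can be rebuilt from web-proxy logs by following Referer headers from the final request back to the page that loaded the advert. The sketch below is an added example, not F-Secure's or ALWIL's tooling; the log entries, URL paths, function names and the `news.example`, `pharmacy.example` and `rogue-av.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Ad-serving domains named in the article.
AD_NETWORKS = {"googleadservices.com", "doubleclick.net",
               "yieldmanager.com", "fimserve.com"}

# Constructed proxy log: (requested URL, Referer header). Not real traffic.
SAMPLE_LOG = [
    ("http://news.example/story", ""),
    ("http://www.googleadservices.com/c1", "http://news.example/story"),
    ("http://ad.doubleclick.net/c2", "http://www.googleadservices.com/c1"),
    ("http://ad.yieldmanager.com/c3", "http://ad.doubleclick.net/c2"),
    ("http://pharmacy.example/", "http://ad.yieldmanager.com/c3"),
    ("http://rogue-av.example/scan", "http://pharmacy.example/"),
    ("http://news.example/style.css", "http://news.example/story"),
]

def site(url):
    """Naive registrable domain: last two host labels (wrong for e.g. co.uk)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def chains(log):
    """Walk Referer links back from each leaf request to its root page."""
    parent = dict(log)                 # url -> referer
    referers = set(parent.values())
    out = []
    for leaf in parent:
        if leaf in referers:
            continue                   # something was loaded from it: not a leaf
        hops, seen, cur = [], set(), leaf
        while cur and cur not in seen: # 'seen' guards against referer loops
            seen.add(cur)
            hops.append(site(cur))
            cur = parent.get(cur, "")
        out.append(hops[::-1])
    return out

def off_network_tail(hops, first_party):
    """Domains reached after the last ad-network hop, excluding the publisher."""
    ad_idx = [i for i, d in enumerate(hops) if d in AD_NETWORKS]
    if not ad_idx:
        return []
    return [d for d in hops[ad_idx[-1] + 1:] if d != first_party]

def flag(log, first_party):
    """Return (chain, tail) for every chain that leaves the ad networks."""
    return [(h, t) for h in chains(log) if (t := off_network_tail(h, first_party))]

if __name__ == "__main__":
    for hops, tail in flag(SAMPLE_LOG, "news.example"):
        print(" -> ".join(hops), "| review:", tail)
```

Every ordinary ad click-through also ends on a domain outside the ad networks, so the result is a review list to check against domain reputation, not a verdict.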
ALWIL Software refers to this scenario as ad-poisoning and notes that "The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which covers more than 50% [of ALWIL's dataset]."
Trivial note: I first wrote about this type of problem three years ago, when I created this blog. In fact, I wrote Spyware Through Google Adverts within days of starting.