Adverts on legitimate websites have been installing malware on victims' PCs for the last few days. All major online advertisement services have been affected. Visiting a site that uses any of the following services could potentially compromise your computer, with the end result being the installation of spyware and other unwelcome software:
- advertangel.com
- bannerconnect.net
- bannerimg.com
- bidsystem.com
- doubleclick.net
- globaltakeoff.net
- googleadservices.com
- jambovideonetwork.com
- myspace.com
- openx.net
- specificclick.net
- unanimis.co.uk
- vuze.com
- xtendmedia.com
- yieldmanager.com
- zedo.com
- vestraff.com
Note the inclusion of Google's DoubleClick and GoogleAdServices services, as well as Yahoo!'s Yieldmanager service.
This situation, which highlights the risks involved when advertising companies sub-contract the content they distribute, has been reviewed by a number of security companies, including F-Secure and ALWIL Software (of Avast! anti-virus software fame).
F-Secure notes the chain of events that took one individual from a legitimate site to a fake anti-virus Trojan. In this example the advert traffic starts with Google's GoogleAdServices.com domain, moves through DoubleClick and Yieldmanager only to end up at a site hosting pharmaceutical goods and a link to the rogue anti-virus site. The following is F-Secure's initial analysis:
+partner.googleadservices.com
++pubads.g.doubleclick.net
+++ad.bannerconnect.net
++++ad.yieldmanager.com
+++++("pharmacy" site that contains a link to a Rogue-hosting site)
++++++The Rogue-hosting site
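The same kind of chain can be rebuilt from web proxy logs by following referrers backwards from the final site. The sketch below is an added example, not F-Secure's or ALWIL's tooling; the log records are constructed, and the `news.example`, `pharmacy.example` and `rogue-av.example` hosts are placeholders for the publisher, the "pharmacy" site and the rogue-hosting site.

```python
# Added example: rebuild an advert redirect chain from proxy log records.
# LOG is constructed sample data; the *.example hosts are placeholders.

# Ad services named on this page (only the ones the sample needs).
AD_SERVICES = {"googleadservices.com", "doubleclick.net",
               "bannerconnect.net", "yieldmanager.com"}

# (requested host, referring host) pairs, in the order a proxy logged them.
LOG = [
    ("news.example", None),
    ("partner.googleadservices.com", "news.example"),
    ("static.news.example", "news.example"),
    ("pubads.g.doubleclick.net", "partner.googleadservices.com"),
    ("ad.bannerconnect.net", "pubads.g.doubleclick.net"),
    ("ad.yieldmanager.com", "ad.bannerconnect.net"),
    ("pharmacy.example", "ad.yieldmanager.com"),
    ("rogue-av.example", "pharmacy.example"),
]

def service_of(host):
    """Return the listed ad service that host belongs to, or None."""
    for svc in AD_SERVICES:
        if host == svc or host.endswith("." + svc):
            return svc
    return None

def chain_to(final_host, log):
    """Walk referrers backwards from final_host to the page that started it."""
    referrer = {}
    for host, ref in log:
        referrer.setdefault(host, ref)  # keep the first time a host was seen
    chain, seen = [], set()
    host = final_host
    while host is not None and host not in seen:  # 'seen' guards against loops
        seen.add(host)
        chain.append(host)
        host = referrer.get(host)
    return chain[::-1]

def first_unlisted_hop(chain):
    """First host reached after the ad services that is not itself one."""
    in_ads = False
    for depth, host in enumerate(chain):
        if service_of(host):
            in_ads = True
        elif in_ads:
            return depth, host
    return None

if __name__ == "__main__":
    chain = chain_to("rogue-av.example", LOG)
    for depth, host in enumerate(chain):
        print("+" * depth + host, "[ad service]" if service_of(host) else "")
    print("left the ad services at:", first_unlisted_hop(chain))
```

Real proxy logs often lack a referrer for some hops (HTTPS-to-HTTP transitions, script-driven redirects), so a broken chain in practice means missing data rather than a clean result.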
ALWIL Software refers to this scenario as ad-poisoning and notes that, "The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which covers more than 50% [of ALWIL's dataset]."
Trivial note: I first wrote about this type of problem three years ago, when I created this blog. In fact, I wrote Spyware Through Google Adverts within days of starting.