Saw this reported in eWeek magazine. Here's what's going on:
- A front organization registers a large number of domains. They contact mainstream websites to buy ads and send the Flash ad to the site (sites will want to approve the ads first).
- Embedded in the ad are redirects to the malicious site, using Shockwave Flash Objects. The redirects do not activate until a certain time or when displayed in certain geographic locations. This keeps the ad reviewer from detecting the malware.
- The producers of the ads can control what the scripts do, which could include swapping out the innocent ad for a porn, Viagra or bogus spyware remover ad. Sometimes the malware ads are copies of legit ads with the scripts embedded, so people get hit with malware but only see a legit ad. Sometimes the scripts took over the browser and told users to download a (bogus) anti-virus app in order to fix the problem.
Bogus ads have been found on Google, Yahoo, the Wall Street Journal, MLB.com, Billboard and other big sites. Currently the online ad managers and security researchers have no tools to combat this. One researcher said as long as you accept Flash and ActionScript, there's no way to rule this problem out. Some sites have had a 1,000% increase in complaints about inappropriate ads appearing on sites which have good reputations.
