Google's advertising subsidiary DoubleClick and Microsoft’s MSN ads
service both have admitted to falling for a clever scheme by some nasty black
hat hackers. Malicious banner ads for both services were
found to be trying to perform drive-by download exploitation and install
malware on users' machines.
As with many great (or terrible) episodes of computer crime, a key
component was clever social engineering. Hackers created a site called
ADShufffle.com -- one letter away from ADShuffle.com, a major online
advertising technology firm. Apparently that was enough to get the ads
through screeners at Microsoft and Google.
Security firm Armorize appears to be the first to have noticed the
attack. Wayne Huang chief technology officer of Armorize details the
unusual incident in a blog, writing:
Users visit websites that incorporate banner ads from DoubleClick or
three f's), starts a drive-by download process and if successful, HDD Plus and
other malware are installed into the victim's machine, without having the need
to trick the victim into doing anything or clicking on anything. Simply
visiting the page infects the visitors.
Known sites affected: Sites that incorporate DoubleClick or
rad.msn.com banners, including for example Scout.com (using DoubleClick),
realestate.msn.com, msnbc.com (using both), and mail.live.com. We'd like to
note here it's very possible that multiple exchanges, besides those listed
here, have been serving the fake ADShufffle's ads.
For all its ingenuity, the attackers used pretty standard exploitation
packages, including Neosploit and the Eleonore exploit kit. Both kits are
popular among black hat hackers, but also among security experts who purchase
them to battle-test the security of corporate systems.
procedure, which was triggered when users visited a page that was serving the
compromised banner ads. The ad service would then request the code for
the ad from the hackers' servers, initiating the attack.
A Google spokesperson assured that the ads were only up for a very
brief time and have since been terminated. The company is now
investigating the incident. Microsoft did not release a statement, but
likely is taking similar measures.
incident is not Google's first brush with malware advertising. Previously
malicious hackers were found to be leveraging Google's AdWords service. In
that case, as well, the key to the criminals' success was using
quote: I run win7 with UAC at the highest setting back to vista's default setting I run no virus scanner and haven't had an issues in years on my machine.
quote: or require disabling most the security in Windows 7 to make them run.
quote: Pre win xp is 10+ years ago, if you've still got stuff kicking around from that long ago then your company isn't taking technology or keeping up with the times very seriously.I know it's expensive and hard to get old software to work on newer platforms or rewrite and convert and such but my GOD... windows 3.x... Really?
quote: Anything pre windows xp/2000 shouldn't even be "online" anymore in a corporate environment due to security concerns and the fact that it isn't supported anymore.
quote: The purpose of a company is to conduct whatever business they run, not to keep their computers up to date...
quote: Paying to replace equipment which is still doing its job just fine is a needless waste of money. That "it isn't supported anymore" isn't even a factor.
quote: and I'd bet most businesses out there would just prefer it if software companies would support their old releases for longer
quote: Yes up-to-date software is always desired by IT staff.
quote: The smallest hint of 'not impossible' and the purse strings tighten and are sealed in a locked box. And guarded with tasers and other painful things.
quote: This logic right here is a fine example of why there are so many viruses plaguing out internet.
quote: I'm not suggesting you run out an buy new stuff the second it comes out, but come on... once something is pushing 10 years old i think it's time to consider an update.
quote: There are two issues i have with this statement. First is that software companies need to make money too. They do this by releasing new software every-so-often.
quote: Second, sometimes improved security requires a heavy architecture change to the software which would require a near complete rewrite (hence xp -> vista growing pains). Changing the entire architectural design of your software requires a new release because software engineers need to be paid to do that kind of heavy modification. it's easy to simply say that software company should lengthen support cycles but in a lot of ways it highly impractical to do this and not just because of corporate greed.
quote: For good reason too... perhaps if IT was heard network security would be top notch and nothing would ever break.
quote: The vast majority of the business world is all done via computers these days. Logic should dictate that you'd want to keep them top notch so as to not loose valuable time fixing them when crap inevitably hits the fan.
quote: But they can't control a night security guard deciding to use it to browse the web instead of doing his rounds.
quote: You're arguing for an update merely because of age.
quote: If the customer only needs software updates once every 5 years, then that is what the market should bear.
quote: I grew up working with Unix systems, so I'm a bit unsympathetic to Microsoft's growing pains...
quote: That's a very narrow and IT-centric view of how to run a business.
quote: The narrow gap between spending just enough money that things don't go to hell
quote: If someone's computer goes down, you immediately swap in a replacement so they can get back to work with little to no downtime. IT then deals with the broken computer, either fixing it or salvaging usable parts from it to fix other broken computers.
quote: Your server is where you spend the big bucks to maintain 99.999%+ uptime.
quote: An 8K rollout only seems expensive until you start looking at the productivity comparison between XP era hardware running XP and IE6 vs modern hardware running Windows 7.
quote: Plus the first time you say leak customer data due to running insecure old crap you'll find out what *real* cost is all about.
quote: It only automatically installs something if you're dumb enough to turn off UAC or are running a 10 year-old OS.
quote: It only automatically installs something if you're dumb enough to turn off UAC or are running a 10 year-old OS. While it is surprising that this got through both Google's and MS's filters, it shouldn't have much of an impact on users.