Google's DoubleClick and Microsoft's MSN were found to be offering up malicious ads.  (Source: Armorize)
Whoops, sorry guys... those ads were actually malware

Google's advertising subsidiary DoubleClick and Microsoft’s MSN ads service both have admitted to falling for a clever scheme by some nasty black hat hackers.  Malicious banner ads for both services were found to be trying to perform drive-by download exploitation and install malware on users' machines. 

As with many great (or terrible) episodes of computer crime, a key component was clever social engineering.  Hackers created a site called -- one letter away from, a major online advertising technology firm.  Apparently that was enough to get the ads through screeners at Microsoft and Google. 

Security firm Armorize appears to be the first to have noticed the attack.  Wayne Huang, chief technology officer of Armorize, details the unusual incident in a blog, writing:

Users visit websites that incorporate banner ads from DoubleClick or, the malicious javascript is served from (notice the three f's), starts a drive-by download process and if successful, HDD Plus and other malware are installed into the victim's machine, without having the need to trick the victim into doing anything or clicking on anything. Simply visiting the page infects the visitors. 

Known sites affected: Sites that incorporate DoubleClick or banners, including for example (using DoubleClick),, (using both), and We'd like to note here it's very possible that multiple exchanges, besides those listed here, have been serving the fake ADShufffle's ads.

For all their ingenuity, the attackers used pretty standard exploitation packages, including Neosploit and the Eleonore exploit kit.  Both kits are popular among black hat hackers, but also among security experts who purchase them to battle-test the security of corporate systems.

The latest attack used JavaScript exploits to begin a download procedure, which was triggered when users visited a page that was serving the compromised banner ads.  The ad service would then request the code for the ad from the hackers' servers, initiating the attack.

A Google spokesperson said that the ads were only up for a very brief time and have since been terminated.  The company is now investigating the incident.  Microsoft did not release a statement, but likely is taking similar measures.

The incident is not Google's first brush with malware advertising.  Previously, malicious hackers were found to be leveraging Google's AdWords service.  In that case as well, the key to the criminals' success was using legitimate-looking links.
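The lookalike-domain trick described in this article is something an ad-creative screener can test for mechanically. The following is an added example, not code from Armorize, Google or Microsoft: it flags hosts loaded by a creative that sit within a small edit distance of an already-vetted partner. The domains, allowlist and function names are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of ad partners already vetted (placeholder domains).
TRUSTED = {"adpartner.example", "bannercdn.example"}

def base_domain(host):
    # Assumption: the last two labels form the registrable domain; a real
    # screener would consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Optimal string alignment distance: insert, delete, substitute,
    # and swap of adjacent characters each cost 1.
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host, max_distance=2):
    dom = base_domain(host)
    if dom in TRUSTED:
        return ("trusted", dom)
    nearest = min(TRUSTED, key=lambda t: edit_distance(dom, t))
    if edit_distance(dom, nearest) <= max_distance:
        return ("lookalike", nearest)  # near-miss of a vetted name: hold for review
    return ("unvetted", None)

def screen_creative(markup):
    # Collect every absolute or protocol-relative source the creative loads.
    urls = re.findall(r"""src\s*=\s*["']([^"']+)["']""", markup, re.I)
    hosts = [urlparse(u).hostname for u in urls]
    return {h: classify(h) for h in hosts if h}

# Constructed ad creative: the second host has one extra letter.
SAMPLE = """
<script src="https://cdn.adpartner.example/tag.js"></script>
<script src="//static.adparttner.example/show.js"></script>
<img src="https://images.publisher.example/banner.png">
"""

if __name__ == "__main__":
    for host, verdict in screen_creative(SAMPLE).items():
        print(host, verdict)
```

A "lookalike" verdict is a reason to hold the creative for manual review rather than proof of malice, since unrelated firms can have similar names.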

Comments

RE: Meh
By MindParadox on 12/13/2010 1:46:35 PM , Rating: 3
if you run no virus scanner even with UAC at full tilt you aren't safe. you DO realize that, right?

even with UAC I still occasionally get warnings from downloads from places like or even vendors' own websites before they remove the infection (or faked page)

RE: Meh
By Spivonious on 12/13/10, Rating: 0

RE: Meh
By Reflex on 12/13/2010 5:31:43 PM , Rating: 1
My user space is my most valuable space. That's where everything that matters to me resides. You do not have to compromise the OS to turn a system into part of a botnet, or steal important documents. Running without a proactive scanning solution is idiotic, especially when doing so is essentially free nowadays.

I strongly recommend Microsoft Security Essentials as it's extremely lightweight and uses the proper APIs without opening up new root holes like many other products do.

RE: Meh
By mindless1 on 12/16/2010 3:42:21 AM , Rating: 2
... except when they exploit a FLAW... because we know windows has never needed patched. Not. Even. Once. Evarrrr. !

Copyright 2016 DailyTech LLC.