



Google's DoubleClick and Microsoft's MSN were found to be offering up malicious ads.  (Source: Armorize)
Whoops, sorry guys... those ads were actually malware

Google's advertising subsidiary DoubleClick and Microsoft’s MSN ads service both have admitted to falling for a clever scheme by some nasty black hat hackers.  Malicious banner ads for both services were found to be trying to perform drive-by download exploitation and install malware on users' machines. 

As with many great (or terrible) episodes of computer crime, a key component was clever social engineering.  Hackers created a site called ADShufffle.com -- one letter away from ADShuffle.com, a major online advertising technology firm.  Apparently that was enough to get the ads through screeners at Microsoft and Google. 
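A one-letter lookalike such as the domain described above can be caught mechanically at screening time. The following is an added example, not part of the original article or any ad network's actual screening process: it compares the host serving an ad's script against a list of trusted ad-tech domains and flags near-misses. The vendor list, function names and distance threshold are assumptions chosen for illustration.

```python
# Added example: flag ad-script hosts that are near-misses of trusted vendors.
# TRUSTED_VENDORS and the threshold are illustrative assumptions, not a real list.
TRUSTED_VENDORS = {"adshuffle.com", "doubleclick.net", "msn.com"}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels.

    Assumption: no multi-part public suffixes (e.g. co.uk); a production
    check would consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "hs" typed for "sh".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def screen_host(host: str, trusted=TRUSTED_VENDORS, max_distance: int = 2):
    """Return ("trusted", domain), ("lookalike", imitated_vendor) or ("unknown", None)."""
    domain = registrable_domain(host)
    if domain in trusted:
        return ("trusted", domain)
    for vendor in sorted(trusted):
        # Close to a trusted name but not identical: hold for manual review.
        if edit_distance(domain, vendor) <= max_distance:
            return ("lookalike", vendor)
    return ("unknown", None)
```

Short vendor names produce more false positives at a fixed threshold, so a "lookalike" result is a prompt for human review rather than an automatic block.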

Security firm Armorize appears to be the first to have noticed the attack.  Wayne Huang, chief technology officer of Armorize, details the unusual incident in a blog post, writing:

Users visit websites that incorporate banner ads from DoubleClick or rad.msn.com, the malicious javascript is served from ADShufffle.com (notice the three f's), starts a drive-by download process and if successful, HDD Plus and other malware are installed into the victim's machine, without having the need to trick the victim into doing anything or clicking on anything. Simply visiting the page infects the visitors. 

Known sites affected: Sites that incorporate DoubleClick or rad.msn.com banners, including for example Scout.com (using DoubleClick), realestate.msn.com, msnbc.com (using both), and mail.live.com. We'd like to note here it's very possible that multiple exchanges, besides those listed here, have been serving the fake ADShufffle's ads.

For all the scheme's ingenuity, the attackers used pretty standard exploitation packages, including Neosploit and the Eleonore exploit kit.  Both kits are popular among black hat hackers, but also among security experts who purchase them to battle-test the security of corporate systems.

The latest attack used JavaScript exploits to begin a download procedure, which was triggered when users visited a page that was serving the compromised banner ads.  The ad service would then request the code for the ad from the hackers' servers, initiating the attack.  

A Google spokesperson assured that the ads were only up for a very brief time and have since been terminated.  The company is now investigating the incident.  Microsoft did not release a statement, but likely is taking similar measures.

The incident is not Google's first brush with malware advertising.  Previously, malicious hackers were found to be leveraging Google's AdWords service.  In that case as well, the key to the criminals' success was using legitimate-looking links.



Comments



RE: Meh
By Smilin on 12/13/2010 2:08:22 PM , Rating: 2
True, but..

An 8K rollout only seems expensive until you start looking at the productivity comparison between XP era hardware running XP and IE6 vs modern hardware running Windows 7.

Plus the first time you say leak customer data due to running insecure old crap you'll find out what *real* cost is all about.


RE: Meh
By Solandri on 12/13/2010 4:23:40 PM , Rating: 2
quote:
An 8K rollout only seems expensive until you start looking at the productivity comparison between XP era hardware running XP and IE6 vs modern hardware running Windows 7.

Back in the day, we ran businesses on computers with 8 MHz processors and 64 kB of RAM. The improvements in computer hardware since then have mostly been canceled out by increased bloat in new versions of software. If you compare how long it took a secretary to draft a letter on an IBM PC in the 1980s vs. today, there hasn't been much improvement in productivity.

There are certain fields where the additional capability is useful: number-crunching, database lookups, 3D rendering, etc. But for most business tasks, there has been very little productivity gain from upgrading computers. In fact, my hunch is the next revolution in business computing is going to be downsizing the computer, in favor of something less capable but more portable which the worker can carry around as they work.

quote:
Plus the first time you say leak customer data due to running insecure old crap you'll find out what *real* cost is all about.

Honestly, from what I've seen, leaking customer data doesn't seem to have much if any negative consequences. It's sad, but it seems most customers just don't care. What usually ends up driving computer upgrades is security concerns about leaking company data, and compliance requirements (e.g. submitting medical billing under HIPAA guidelines required new software which frequently necessitated computer upgrades).


RE: Meh
By Spivonious on 12/13/2010 4:47:42 PM , Rating: 2
Building off of your "downsizing" comment, at my company we're seeing big investments in dumb terminals. They all get a virtualized machine when logging in. Software updates are cake, if the system breaks you just get a new dumb box and all of your stuff is right where you left it. System getting slow? Upgrade the server.

It's a very elegant solution, and a heck of a lot better than supporting 10 years worth of various PCs.


RE: Meh
By HoosierEngineer5 on 12/13/2010 6:22:52 PM , Rating: 2
You do realize that that's exactly the approach Digital took 30+ years ago with their VAX?


RE: Meh
By Spivonious on 12/14/2010 10:12:52 AM , Rating: 2
Yes, but today's technology allows people to actually do work on the dummy terminals, and the server doesn't take up an entire floor of an office building.


RE: Meh
By HoosierEngineer5 on 12/13/2010 6:31:30 PM , Rating: 1
Exactly.

Plus, you need to consider up-training of the support desk. More times than not, applications which had run smoothly in the past start acting up. Then, usually, if a re-boot doesn't fix it, you need to live with it. And I work for a high technology company with 50,000+ employees. Truly, in many cases, I see poorer response from current networked multi-core PCs than back in the DOS days. And poorer stability.


Copyright 2014 DailyTech LLC.