backtop


Print 45 comment(s) - last by mindless1.. on Dec 16 at 3:54 AM


Google's DoubleClick and Microsoft's MSN were found to be offering up malicious ads.  (Source: Armorize)
Whoops, sorry guys... those ads were actually malware

Google's advertising subsidiary DoubleClick and Microsoft’s MSN ads service both have admitted to falling for a clever scheme by some nasty black hat hackers.  Malicious banner ads for both services were found to be trying to perform drive-by download exploitation and install malware on users' machines. 

As with many great (or terrible) episodes of computer crime, a key component was clever social engineering.  Hackers created a site called ADShufffle.com -- one letter away from ADShuffle.com, a major online advertising technology firm.  Apparently that was enough to get the ads through screeners at Microsoft and Google. 

Security firm Armorize appears to be the first to have noticed the attack.  Wayne Huang chief technology officer of Armorize details the unusual incident in a blog, writing:

Users visit websites that incorporate banner ads from DoubleClick or rad.msn.com, the malicious javascript is served from ADShufffle.com (notice the three f's), starts a drive-by download process and if successful, HDD Plus and other malware are installed into the victim's machine, without having the need to trick the victim into doing anything or clicking on anything. Simply visiting the page infects the visitors. 

Known sites affected: Sites that incorporate DoubleClick or rad.msn.com banners, including for example Scout.com (using DoubleClick), realestate.msn.com, msnbc.com (using both), and mail.live.com. We'd like to note here it's very possible that multiple exchanges, besides those listed here, have been serving the fake ADShufffle's ads.

For all its ingenuity, the attackers used pretty standard exploitation packages, including Neosploit and the Eleonore exploit kit.  Both kits are popular among black hat hackers, but also among security experts who purchase them to battle-test the security of corporate systems.

The latest attack used Javascript exploits to begin a download procedure, which was triggered when users visited a page that was serving the compromised banner ads.  The ad service would then request the code for the ad from the hackers' servers, initiating the attack.  

A Google spokesperson assured that the ads were only up for a very brief time and have since been terminated.  The company is now investigating the incident.  Microsoft did not release a statement, but likely is taking similar measures.

The incident is not Google's first brush with malware advertising.  Previously malicious hackers were found to be leveraging Google's AdWords service.  In that case, as well, the key to the criminals' success was using legitimate-looking links.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Meh
By Luticus on 12/14/2010 9:59:40 AM , Rating: 2
quote:
But they can't control a night security guard deciding to use it to browse the web instead of doing his rounds.
with group policy and computer security techniques, yes they absolutely can.

quote:
You're arguing for an update merely because of age.
First, I'm not arguing for an update at all. I'm merely saying that if you get hit by a virus or drive by malware when an updated technology/version of the software your running would have prevented it then that's your fault. That's all I'm saying. I simply think that people should do a better job of keeping up (to some degree) with technology. But I'm not actually suggesting anything as far a purchases go. Basically it boils down to: you cant blame software vendors because your stuff is out of date.

quote:
If the customer only needs software updates once every 5 years, then that is what the market should bear.
see you're assuming that everyone needs the same thing. Software companies have to cater to a lot of different people with many different needs. Personally i like the progression of technology.

quote:
I grew up working with Unix systems, so I'm a bit unsympathetic to Microsoft's growing pains...

Yes unix did do a lot right but they also did a lot wrong. This is why unix is universally regarded as significantly harder to use than windows systems and there is some truth to that. A lot of linux distributions today are rectifying this situation some but linux/unix systems are still a far cry from windows on the customer friendly front. This is why a lot of people actually like osx, because it brings a unix-esque system to the table and mixes it with easy. Unfortunately they also castrated one of unix/linux's best features, it's customization capabilities. And they introduced a little tyranny to the mix as well.

quote:
That's a very narrow and IT-centric view of how to run a business.
I'm not suggesting that companies hang on the every word of what some nerd in their back room is preaching. I'm simply saying that if companies worked with their IT staff to heed some of the warnings and deploy things that are "future ready" or get on a good upgrade path then things would be better.

quote:
The narrow gap between spending just enough money that things don't go to hell
if you're still running win 3.1 or even 95/98 it's fairly safe to say that you've missed this "gap". Again I'm not saying that everyone gets on the newest tech the day it comes out or even that they upgrade every other year. I'm saying plan out an upgrade path and take steps to keep your companies technology at least in the same decade.

quote:
If someone's computer goes down, you immediately swap in a replacement so they can get back to work with little to no downtime. IT then deals with the broken computer, either fixing it or salvaging usable parts from it to fix other broken computers.
There's a little bit of truth to this but it's not entirely accurate. Tech departments typically do keep reserve systems and streamlined image processes so that they can quickly deploy new systems to prevent downtime but the systems they reclaim are either shipped off under warranty or they are disposed of because they are out of warranty. on a 3 year lease system everything is constantly under warranty and when something goes out of warranty it's automatically scheduled to be replaced in the refresh anyway. So yes, you do drop in new systems (even new stuff can break) but there is no scavenging for parts. Everything is shipped back to the company it came from and a replacement is sent back.

This is the way the county government does it, this is the way every other company I've worked for did it, this is the way colleges do it, and if I were running my own company it's the way I'd do it. I recommend nothing less.

Now don't get me wrong, I'm not suggesting that every company do this as not all companies are the same or have the same needs. What I'm saying is that if you get burned because you're running on technology from the 90's that's your fault and you're to blame. That's all.

Well I must say this has been a fun and interesting debate. I've enjoyed myself.

quote:
Your server is where you spend the big bucks to maintain 99.999%+ uptime.
agreed.


"Well, we didn't have anyone in line that got shot waiting for our system." -- Nintendo of America Vice President Perrin Kaplan

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki