

Google's DoubleClick and Microsoft's MSN were found to be offering up malicious ads.  (Source: Armorize)
Whoops, sorry guys... those ads were actually malware

Google's advertising subsidiary DoubleClick and Microsoft's MSN ad service have both admitted to falling for a clever scheme by black hat hackers. Malicious banner ads served through both networks were found to be attempting drive-by download exploitation in order to install malware on users' machines.

As with many great (or terrible) episodes of computer crime, a key component was clever social engineering. The hackers registered a site called ADShufffle.com -- one letter away from ADShuffle.com, a major online advertising technology firm. Apparently that was enough to get the ads past the screeners at Microsoft and Google.

Security firm Armorize appears to have been the first to notice the attack. Wayne Huang, chief technology officer of Armorize, details the unusual incident in a blog post, writing:

Users visit websites that incorporate banner ads from DoubleClick or rad.msn.com, the malicious javascript is served from ADShufffle.com (notice the three f's), starts a drive-by download process and if successful, HDD Plus and other malware are installed into the victim's machine, without having the need to trick the victim into doing anything or clicking on anything. Simply visiting the page infects the visitors. 

Known sites affected: Sites that incorporate DoubleClick or rad.msn.com banners, including for example Scout.com (using DoubleClick), realestate.msn.com, msnbc.com (using both), and mail.live.com. We'd like to note here it's very possible that multiple exchanges, besides those listed here, have been serving the fake ADShufffle's ads.

For all the scheme's ingenuity, the attackers used fairly standard exploitation packages, including Neosploit and the Eleonore exploit kit. Both kits are popular among black hat hackers, but also among security experts who purchase them to battle-test the security of corporate systems.

The attack used JavaScript exploits to begin a download procedure, which was triggered when users visited a page serving the compromised banner ads. The ad tag on the page would request the code for the ad from the hackers' server, and that response initiated the attack.
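The two weak points the article describes are a domain one character away from a legitimate ad vendor getting past human screeners, and pages pulling ad script from whatever third-party host the ad network hands them. The following is an added example (not DailyTech's or Armorize's code) of the check a screener or a site operator could run over ad-request logs: it flags any script host that is not on an allowlist of approved ad vendors, and separately calls out hosts within a small edit distance of an approved one. The allowlist, the log format and the log lines are all constructed for the example.

```python
"""Lookalike-domain check for third-party ad script sources (added example)."""
import re

# Assumed allowlist of approved ad-tech hosts; constructed for this example.
APPROVED_AD_HOSTS = {"adshuffle.com", "doubleclick.net", "rad.msn.com"}

# Constructed sample log: timestamp, method, requested URL, referring page.
SAMPLE_LOG = """\
2010-12-12T10:00:01Z GET https://ad.doubleclick.net/banner/scout ref=scout.com
2010-12-12T10:00:02Z GET http://adshufffle.com/ads/loader.js ref=msnbc.com
2010-12-12T10:00:03Z GET http://rad.msn.com/banner ref=realestate.msn.com
2010-12-12T10:00:04Z GET https://cdn.example-ads.com/tag.js ref=mail.live.com
"""

URL_RE = re.compile(r"https?://([^/\s]+)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable domain: last two labels. No public-suffix list here."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_host(host, approved=APPROVED_AD_HOSTS, max_distance=1):
    """Return ('approved', match), ('lookalike', match) or ('unknown', None).

    A host is approved if it equals, or is a subdomain of, an allowlisted
    entry. Otherwise the host and its registrable domain are compared to every
    allowlisted entry; a hit within max_distance edits is a lookalike.
    """
    h = host.lower().rstrip(".")
    for a in approved:
        if h == a or h.endswith("." + a):
            return ("approved", a)
    candidates = {h, registrable(h)}
    dist, best = min((levenshtein(c, a), a) for c in candidates for a in approved)
    if dist <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


def scan_log(log_text=SAMPLE_LOG, approved=APPROVED_AD_HOSTS):
    """Return (host, verdict, closest_match) for every non-approved ad host."""
    findings = []
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue
        host = m.group(1).split(":")[0]  # drop any port
        verdict, match = classify_host(host, approved)
        if verdict != "approved":
            findings.append((host, verdict, match))
    return findings


if __name__ == "__main__":
    for host, verdict, match in scan_log():
        print(f"{verdict:9} {host}" + (f" (near {match})" if match else ""))
```

A lookalike verdict is the case a human screener missed here; an unknown verdict is still worth a look, since the article's point is that the ad network, not the publisher, decided which host the browser loaded script from. Edit distance alone does not catch homoglyph substitutions, so in practice this check sits beside, not instead of, a strict allowlist.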

A Google spokesperson said the ads were only up for a very brief time and have since been taken down. The company is now investigating the incident. Microsoft did not release a statement, but is likely taking similar measures.

The incident is not Google's first brush with malware advertising. Previously, malicious hackers were found to be leveraging Google's AdWords service. In that case as well, the key to the criminals' success was the use of legitimate-looking links.




RE: Meh
By mindless1 on 12/16/2010 3:54:57 AM , Rating: 2
"What on earth are you guys doing with technology that freaking old?"

Because it's retarded to change something that still works just because someone else (who doesn't know your business) suggests you *Must* benefit more from doing what they feel is best for them personally.

You are incorrect in thinking it is not "serious" to do what works. Quite a few tasks do not require whatever buzzwords that tech geeks like to throw around.

If you have a system set up for a particular task and it does the task fine on Win3, it is senseless, counterproductive, expensive, and often harmful (downtime) to switch it over for no reason. You *suppose* there are reasons, but in reality the company knows their business, knows newer OS exist, knows best whether they benefit from switching things around or staying with what they have, if it works ok for them.

Actually, fewer WinME and older system exploits are targeted today than XP and newer, and you should note that nowhere was it mentioned that these systems need to be used to surf websites. A Win98 box that doesn't have anything but its required ports open, behind a corporate firewall, is far more secure than anything (including Linux, Win7, you name it) used as a general purpose all in one entertainment system on the web.

Nobody is backing themselves into a tech hole. You fail to realize that when a box is deployed it is necessarily made secure and once it is, there is no need to change it.

By implying it needs to be changed, you are conceding that you don't think they can be secure, acknowledging that you were running insecure boxes the whole time other people weren't until you switched to the next magically secure OS, which you later found insecure, so you switched to the next magical OS, which again you find insecure, so switch to the next and so on.

Time to get off the treadmill and learn how to do security. And manage an IT budget.


Copyright 2014 DailyTech LLC.