We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault.
It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites.
Rogue anti-spyware software that pushes fraudulent PC scans has found its way onto DoubleClick and legitimate sites, including CNN, The Economist, The Huffington Post and the official site of the Philadelphia Phillies.
DoubleClick officials told eWEEK that they have recently implemented a security monitoring system to catch and disable a new strain of malware that has spread over the past several months. This system has already captured and disabled about 100 ads, the company said in a statement, although it didn’t mention this episode in particular.
The bogus anti-spyware onslaught is only part of a bigger wave that’s also included porno ads being swapped for normal ads on sites such as The Wall Street Journal. It’s not yet clear whether the same fraudsters are behind both the porn and the fraudulent anti-spyware ads.
I really hope they do put some serious measure in place that don’t just use a signature for this particular case…something a little more intelligent I hope.
Sunbelt Software has confirmed that Trojans were being downloaded from ads served by DoubleClick as recently as Nov. 11. This malware is the kind that repeatedly pops bogus warning messages about computer infections in users’ faces until they give up in despair and pay $30 to $40 for a junk “security” program.
“The stuff that’s installed is this rogue anti-spyware software that … gives you fake alerts, [such as] ‘Your computer is infected, you must run this.’ Basically it’s extortion. … They try to push you to buy their software,” Sunbelt President Alex Eckelberry told eWEEK.
The malware application is a variant on WinFixer, a piece of malware that pretends to be a diagnostic tool.
I hope we can educate people about these kind of things, sad to say as some of the comments mentioned in the previous post…a lot of people will fall for this – why? Simply because they don’t know any better.
- Windows Registry Infecting Malware Has NO Files
- FakeNet – Windows Network Simulation Tool For Malware Analysis
- Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP
- REMnux: A Linux Distribution For Reverse-Engineering Malware
- IBM Distributes Malware Laden USB Drives at AusCERT Security Conference
- nUbuntu Development Kicking Off Again – Security LiveCD
Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,295 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,445 views
- US considers banning DRM rootkits – Sony BMG - 44,926 views