Web ads used to deliver malware
Today’s Wall Street Journal has an article about how banner ads on respectable sites have been used to download malware when the ads are clicked. This has been going on for some time but apparently is beginning to worry advertising agencies that it might hurt their business (not to mention anybody who gets infected). A site that I sometimes mention, Tom’s Hardware, was hit with infected banner ads in May but is now clean as far as is known. The article begins:
Web ads are becoming a delivery system of choice for hackers seeking to distribute viruses over the Internet.
In a development that could threaten the explosive growth of online advertising, hackers have started to exploit security holes in the online-advertising chain to slip viruses into ads. Just going to a site that shows such an ad can infect a user’s computer.
Note that even Google can be dangerous. As the article says:
Clicking on ads that appear in the sponsored-link results section of Web-search engines can also be very dangerous. Web-security firm McAfee Inc. found in May that 6.9% of sponsored links led to suspicious sites that might have automatically downloaded malicious software.
I have posted about drive-by downloads before and how to protect against them. The NoScript and Adblock extensions for the Firefox browser are good defenses. Also, both Internet Explorer 7 and Firefox 2.0 can be configured to prevent anything downloading without your explicit permission.
Another partial defense is to block the known ad agencies by means of a Hosts file.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.