SBS - The Best Value in QMS software

Hackers Use Banner Ads on Major Sites to Hijack Your PC


Fully vaccinated are you?
Staff member
Of course, it can't install anything on Macs, but I've seen this on several large sites I visit. Even on a Mac I had to quit Firefox to 'get out' of it.

Here's a video demonstration of the rogue ads:

From Wired News:
Wired News said:
The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software.

And the ads do their dirty work even if you don't click on them.

The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's to the news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory.

If you've seen any of the ads, you may have experienced something like this: You're on a legitimate site. Your browser window closes down. A new browser window comes up, redirecting you to an antivirus site, while a dialog box comes up telling you that your computer is infected and that your hard drive is being scanned. The malware tries to download software to your computer and scans your hard drive again.

The malware looks like a ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable. Once deployed on a site, the Flash file launches the malicious redirects, which appear to be triggered at preset times or at selected Web domains.

John Mark Schofield, a Los Angeles IT director, encountered the ads on He thinks that because he was on a Mac OS computer, the damage wasn't so severe. "My feeling is that it would have caused me a lot more grief if I had been on a Windows computer: It may have installed the malware. Instead, it took over my browser, which I just fixed by exiting Firefox," Schofield says.

DoubleClick acknowledges the malware is out there, and says it has implemented a new security-monitoring system that has thus far captured and disabled a hundred ads.

"This is an industry-wide challenge. Unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment," says Sean Harvey, senior product manager at DoubleClick DART.

Publishers may be somewhat culpable, too. The distributor of the malware-infected ads is believed to be AdTraff, an online-marketing company with reported ties to the Russian Business Network, a secretive internet service provider that, security firms say, hosts some of the internet's most egregious scams. AdTraff is believed to have posed as a legitimate advertiser, using its partners as references. The ads were almost always paid for with credit cards or wire transfers, according to Alex Eckelberry, CEO of Sunbelt Software, a provider of security software.

"The AdTraff guys probably register at a bunch of sites -- maybe more than 300. They say they're advertisers. They get the sales guys at the end of the quarter when they're anxious to take the deal. (AdTraff) wires the cash, and they buy the inventory on the site," Eckelberry says.

AdTraff could not be reached for comment. The company lists a phone number in Germany which leads to a generic voicemail box.
Elsmar Forum Sponsor

Wes Bucey

Prophet of Profit
My spyware scan today showed I had picked up three "Rogue" [the spyware scanner's term] spies which from the description presented by the spyware scanner are the kind which offer bogus checking of your computer and then proceed to plant their own little time bombs.

I don't bother to investigate further, I just click the "destroy" button and go blithely on my way.
I don't bother to investigate further, I just click the "destroy" button and go blithely on my way.
I usually don't get them at all... As soon as I notice that my popup-blocker starts kicking in more often, I update my hosts file: Assigning the culprit to IP (which just happens to be the local machine) will make the machine search for the offending page internally instead of on the open web. Of course it will not find it there, and nothing bad happens.:D


Jim Wynne

Staff member
On a peripherally related note, I just discovered yet another type of phishing scam in my Gmail spam bucket. It's a notice alleging to be from the IRS, telling me that I have a $99.00 refund coming, and giving me a link to go and get it. I have a feeling it's yet another implementation of the so-called Storm worm, which was also discussed on the Cove here.
Thread starter Similar threads Forum Replies Date
Marc Hackers unleash smart Twitter phishing tool that snags two in three users IEC 27001 - Information Security Management Systems (ISMS) 7
Marc Hackers Scrape LinkedIn Member Profiles After Work and Weekend Discussion Topics 12
Wes Bucey Hackers now aiming at Mac users After Work and Weekend Discussion Topics 1
W Hackers and software developers - Colleagues working to make software better? After Work and Weekend Discussion Topics 4
Marc Hackers Tune In to Windows Media Player - Two new Trojans After Work and Weekend Discussion Topics 4
D Looking for ISO/TS 16949:2009 Banner IATF 16949 - Automotive Quality Systems Standard 2
D Where can I buy an AS9100 / ISO 9001:2000 Banner? Misc. Quality Assurance and Business Systems Related Topics 3
Marc Does this browser make me look fat? Opting out of tracking ads After Work and Weekend Discussion Topics 1
M Online Ads - Do you even see them? After Work and Weekend Discussion Topics 11
B Google AdSense "Interest Based" Ads Coffee Break and Water Cooler Discussions 4
howste What the ???? Funny Ads Funny Stuff - Jokes and Humour 5
Jim Wynne Gallery of Graphic Design: An Archive of Magazine Ads Coffee Break and Water Cooler Discussions 1
ScottK Bad Want Ads in the Paper - Add your examples Career and Occupation Discussions 3
BradM Getting Yahoo e-mail with no ads After Work and Weekend Discussion Topics 18
Wes Bucey Popup ads - new trick! Called by Flash and java - Firefox developers seek 'solution' After Work and Weekend Discussion Topics 6

Similar threads

Top Bottom