How do you trust your advertisers?

Posted: 5-Nov-2008 15:00

One of the advantages touted for online is that you can have interactive advertising. But the ads can be too interactive. In fact, they can be downright hostile, as the well-known site Stuff discovered earlier today. Mauricio's wife Jann got an alert about a "spyware scan" while reading Stuff. The "scan" alert told her that she had malware on her computer (an iMac) and needed to pay to clean it up.

Mauricio twittered about it, and got some more info about what was going on. It was one of the ads on Stuff that redirected to a third-party site that asks people to download "virus and spyware checking software". The site in question is, and it's registered in Russia:

   Vladimir Polilov
   Organization: Private person
   Address: ul. Bauma 13-76
   City: Moskva
   State: Moskovskaya oblast
   ZIP: 112621
   Country: RU
   Phone: +7.9031609536

You can bet your bottom dollar that the software in question is in fact malware that will compromise your computer and place it under some botmaster's remote control. If you do go to the site (and I recommend you don't), avoid downloading anything and turn off Javascript and any active content.

At this stage, we don't know what kind of malware the site was trying to plant on unsuspecting machines, but this TechNet page outlines a multi-vector attack with Win32/FakeXPA that takes advantage of several vulnerabilities.

Stuff has removed the ad now, and says the issue was traced to bad Javascript in a supplied advertisement - good that they reacted to it. There's a story going up on Stuff about the incident soon, I'm told.

The incident does raise the question of trust, however: obviously, the malicious code in the ad had to come from somewhere. Was it deliberately done by the advertiser? Or was the advertiser's machine compromised? We don't know that, but if you think about it, the fact that malicious code can be planted this way threatens to undermine the online advertising market.

If hijacked, trojan-horse-planting ads become commonplace, users will take the necessary steps and protect themselves. Best practice in this case is not to run any untrusted code on your machine, so you browse with Javascript turned off. If people start to do that, well, it'll create some interesting headaches for advertisers and Web 2.0 developers who depend on Javascript executing on users' machines.

How do we fix this one? Can it be fixed?


Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.