Malicious Ads on Legitimate Sites

2009-09-23

Robert McMillan, IDG News Service, reports that earlier in September scammers tricked the New York Times Digital Advertising Department into placing a malicious ad for a fake anti-virus software on NTTimes.com.

The New York Times stated that the malicious ad took over the browsers of many people visiting the site, causing their screens to be filled with an image that seemed to show a scan for computer viruses. The visitors were then told that they needed to buy antivirus software to fix the 'problem'.

A spokeswoman for the Times Company said, "About half the ads delivered to The Times' Web site some from ad networks. As reports of strange activity cam in over the weekend, the technical and advertising staff at The Times began to suspect that a rogue ad had slipped through this way, and they moved to stop displaying such ads."

The Times has since posted a note about the ad problem on its website and is working with law enforcement and also creating new policies to prevent future mistakes.

This past weekend there has been a flood of malicious advertisements on other popular websites, such as; the Drudge Report, Horoscope.com and Lyrics.com.

McMillan reports that this time, instead of trying to trick users into buying fake antivirus, that these ads attacked.

The article states that the ads would pop up a nearly invisible window in the victim's browser that contained a maliciously encoded PDF document, which included attack code that placed a variant of the Win32/Alureon Trojan horse program on the victim's computer. This with the user only having seen a brief opening of a blank PDF which then attacks victims with out-of-date versions of Adobe's Reader or Acrobat software.

Read more about the recent attacks here.