Malicious Ads – How Malicious Ads Get Approved and Distribute Malware

by malwarekilla on October 28, 2009

You see more and more of it. Huge, internationally renowned websites fall victim to distributing malware to their visitors via malicious advertisements. Currently it’s the #1 way to distribute malware, and not a lot can really be done about it. Here are the 2 most popular ways malicious ads can ruin your online reputation with your users and search engines:


Method 1:

  1. A person or group contacts you (or your advertising dept) and buys ad space.
  2. Your advertising dept receives a flash advertisement that looks perfectly safe and harmless.
  3. The ad is approved.
  4. Later that day a script is triggered in the flash animation to automatically download a malicious .exe (like fake-av.exe) as soon as the visitor (like mom or pop) visits the web site. In some instances visitors may be redirected to a site that loads a barrage of exploits against the visitor’s PC. This is far worse than 1 malicious .exe, of course.
  5. The site administrator may or may not be alerted quickly to the site hijacking.
  6. All it takes is just a few seconds or minutes to infect thousands of visitors.
  7. The malicious ad is removed, but it is way too late.

Obviously the easiest way to defend against this type of hijacking is just to say no to any scripted advertisements. This will cut down on maliciously scripted ads; however, it also cuts down on good advertisers willing to pay good money for ad space. It’s a tough choice.

Method 2 – this is nearly impossible to deal with…

  1. A person or group contacts you (or your advertising dept) and buys ad space.
  2. Your advertising dept receives a basic text or image advertisement that looks perfectly safe and harmless.
  3. The ad is approved.
  4. Later that day the landing page for the ad is switched to a malicious landing page.
  5. When a visitor clicks the ad they may now be subjected to whatever is on the new malicious landing page.
  6. Again, the website administrator may or may not be alerted to the malicious ad in a timely manner.
  7. The malicious ad is removed, but it is way too late.

Keep in mind that I’ve only discussed 2 ways malicious ads can ruin your online reputation. There are many others.
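For Method 2, a publisher can record where an ad lands at approval time and re-check it on a schedule. The sketch below is an added example, not code from the original post: the ad record fields, the `.example` hostnames and the redirect tables are constructed, and `next_hop` stands in for whatever HTTP client would read each redirect target in a real deployment.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # assumed cap on redirect chain length

def follow_redirects(start_url, next_hop):
    """Return the full redirect chain; next_hop(url) gives the redirect target or None."""
    chain = [start_url]
    while len(chain) <= MAX_HOPS:
        target = next_hop(chain[-1])
        if target is None:
            return chain
        if target in chain:
            raise ValueError("redirect loop at " + target)
        chain.append(target)
    raise ValueError("more than %d redirects" % MAX_HOPS)

def recheck_ad(ad, next_hop):
    """Compare the ad's current landing host with the host recorded at approval."""
    try:
        chain = follow_redirects(ad["click_url"], next_hop)
    except ValueError as exc:
        # A chain that cannot be resolved is treated as unsafe to serve.
        return {"ad_id": ad["ad_id"], "action": "pause", "reason": str(exc)}
    host = (urlsplit(chain[-1]).hostname or "").lower()
    if host != ad["approved_host"]:
        reason = "landing host changed: %s -> %s" % (ad["approved_host"], host)
        return {"ad_id": ad["ad_id"], "action": "pause",
                "reason": reason, "chain": chain}
    return {"ad_id": ad["ad_id"], "action": "keep", "chain": chain}

# Constructed sample data: the approved ad and two snapshots of its redirects.
AD = {"ad_id": "ad-1001",
      "click_url": "http://track.adbuyer.example/c?id=1001",
      "approved_host": "shop.adbuyer.example"}
AT_APPROVAL = {AD["click_url"]: "http://shop.adbuyer.example/offer"}
LATER_THAT_DAY = {AD["click_url"]: "http://cdn.other.example/r",
                  "http://cdn.other.example/r": "http://landing.other.example/"}

if __name__ == "__main__":
    for label, table in (("at approval", AT_APPROVAL),
                         ("later that day", LATER_THAT_DAY)):
        print(label, recheck_ad(AD, table.get))
```

This check only compares hostnames, so a landing page whose content changes while it stays on the approved host is not caught by it.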

8 comments

Jimmy James October 28, 2009 at 8:23 pm

I’ve seen these before and they can be real buggers. Most of them do show the legitimate advert afterwards though, so it looks perfectly normal – until a fake AV pops up blocking all your programs :)

Bryan October 29, 2009 at 2:21 am

Matt,

Can you possibly review 2 applications:

PrivacyWare’s “Privatefirewall”. This is the creator of DSA and has many elements like ThreatFire. Can you do a prevention test on it?

Also, Hitman Pro 3.5. Can you do a clean-up test? This combines 5 AV engines via cloud computing. http://www.surfright.nl

I use this all the time for a first quick hit and clean up.

Thanks,

Bryan

malwarekilla October 29, 2009 at 3:08 pm

@Bryan – you read my mind. I’m working on the hitman review right now.

bryan October 29, 2009 at 8:27 pm

Matt, thanks, can’t wait. It is really a great product for a 1st-time hit on a system if infected, I think. Any thoughts on a prevention video for Privacyware’s Privatefirewall? Bryan

f October 30, 2009 at 4:15 am

They could prevent the second one by not allowing them to change links and having a bot check for redirections. And Google ads has put some semi-rogue ads on your site.

John October 30, 2009 at 2:36 pm

I usually use Kaspersky Internet Security 2010
with Anti-banner turned on. I never see those ads turn up. Even if it does, it only shows you a blank ad with nothing in it. This is a way to keep me from getting those or annoying ads.
The only ads I have seen are when I use my other computer running on MSSE. It says “You are selected to bring home blah blah blah” at 8:pm 21-oct-2009 Wednesday.

So Matt I have a question
Do you think the Anti-Banner thingy will prevent me from getting those Malware Ads?

Dj T 4 October 30, 2009 at 11:12 pm

Good thing I Don’t click on those ads. :)

I saw that the ads are redirecting to a site from eBay, to do an exploit to the computer. That’s very suspicious.

(rover . ebay . com) <—- That site could be suspicious from ebay.

- Dj T 4

ek November 1, 2009 at 6:49 pm

@john
The Kaspersky anti-banner feature will block an ad from running. The anti-banner feature should also stop a malicious script that is triggered by the ad. Don’t assume you are safe from ad malware though. There are many forms of malicious ads. Method #1 stated by Matt is probably the type of ad you should be worried about. That is assuming you don’t fall for the old “you won a free iPod” trick though.
