Tumblr 101: Tips And Tricks To Get Started
WATCH: Shredding On The Google Guitar!
Google and Yahoo banner ads delivering trojans
Users who clicked on booby-trapped banner ads served by Google's DoubleClick and a Yahoo-owned service called Right Media ended up having their machines infected by a trojan, according to a report from The Register. The sneaky ads showed up on the Drudge Report, Lyrics.com, slacker.com and horoscope.com. Google says that publishers who use DoubleClick have to approve the banner ads that show up on their sites, implying that these four sites are at fault for the attack on their users. The trojan itself was installed via an infected PDF file that opened and closed when a user clicked an ad. It's called Win32/Alureon, and it opens backdoor access to infected machines. This is serious business, and it's hardly the first time we've seen "malvertising," but who's to blame when it happens? Should site owners who buy ads have to scan them first, or should the big ad networks be responsible?
Comments
12
Subscribe to commentsEric HSep 28th 2009 2:09PM
Blaming the site that serves them is like blaming Walmart for all the lead paint toys and toxic cat food from China.
Jason ShelbrockSep 28th 2009 2:21PM
exactly! which is why we don't buy these products from Wal-Mart, we go somewhere else... at least until we are certain the problem is resolved.
dipalSep 28th 2009 3:19PM
anyone dumb enough to click on banner ads deserves a virus
lsydexickSep 28th 2009 2:19PM
Yet another good reason to install the Adblock plus add-on for firefox...
ChristianSep 28th 2009 2:49PM
I actually just hovered over an Ad and it all of a sudden got my anti-virus warning me of a trojan... and it's a legitimate site too! It's obvious to blame the main site since they should know if their products are clean, but if it's something they get automated then I think it should be the ad network who should be to blame.
Eric H.Sep 28th 2009 3:48PM
Ultimately a site's owner is responsible for the content of that site. Therefore a site should be responsible for any problematic advertising that appears on that site. The Television networks are certainly responsible for any advertising that appears on their channels, not the advertiser that makes the advertising. Why should websites be treated any differently.
If you do not want to use an advertising service because you will not have the option to approve all advertisements that might appear on your site, well choose a different advertising service. No one is forcing anyone to use doubleclick.
Fred ThompsonSep 29th 2009 1:33AM
@Eric H,
You are confusing the creator of the content with the delivery of content. A book store is not responsible for the content of the books they sell...in the overwhelming majority of cases. It is a crime, in the United States, to sell pornography to minors WHEN the vendor knows it is a restricted item, for example. In the case of advertising banners, the content of the banner is not subject to review by the site owner nor do they distribute it. The delivery medium is not a "public asset" so the requirement for review by the site owner is less than that of a radio or TV station using "public airwaves" for distribution.
Saint SeminoleSep 28th 2009 5:53PM
I honestly didn't know people clicked on internet ads... Wow. Oh wait, I saw a character in a movie do it once.
cmsb55Sep 28th 2009 9:25PM
Just one more reason to stay off the Drudge Report...
Chester WisniewskiSep 29th 2009 1:08PM
I attended Virus Bulletin last week and saw Eric Davis of Google's anti-malvertising team do a presentation on the difficulties and techniques Google uses to try and protect customers from this type of fraud. It is a difficult problem, and if I am not mistaken, the malicious ads on Google's service last week were "swicthed out" after publication. This means if the consumers of their advertisements vetted them at the time they were posted, they were non-malicious. It's not as easy as it looks on the surface.
Chester Wisniewski
Senior Security Advisor
http://www.sophos.com/blogs/chetw
AlanSep 29th 2009 7:15PM
It's the advertiser's fault, not the website serving the ad. If I sell tires and Goodyear manufacturers defective tires, then I blame Goodyear.
fightlinkerOct 3rd 2009 12:50AM
I run a website and one of the biggest issues when trying to find an ad network is finding one that will be accountable if ads come up with viruses or hijacks ... it's not only an issue for the time the ads are served ... there's also the horrific possibility of google putting you on a list of 'attack sites', and of course once you're on this list you're pretty much frucked.