Google and Yahoo banner ads delivering trojans
Users who clicked on booby-trapped banner ads served by Google's DoubleClick and a Yahoo-owned service called Right Media ended up having their machines infected by a trojan, according to a report from The Register. The sneaky ads showed up on the Drudge Report, Lyrics.com, slacker.com and horoscope.com. Google says that publishers who use DoubleClick have to approve the banner ads that show up on their sites, implying that these four sites are at fault for the attack on their users. The trojan itself was installed via an infected PDF file that opened and closed when a user clicked an ad. It's called Win32/Alureon, and it opens backdoor access to infected machines. This is serious business, and it's hardly the first time we've seen "malvertising," but who's to blame when it happens? Should site owners who buy ads have to scan them first, or should the big ad networks be responsible?
