In association with heise online

07 January 2008, 16:30

Malicious ad banners on popular websites

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Brian Krebs of the Washington Post and security provider Trend Micro report the discovery of malicious ad banners displayed by popular, heavily frequented websites. The banners apparently attempt to inject malicious code into computers by means of security holes in web browsers and add-on software installed locally. MySpace, Excite.com and Switzerland's Blick are said to be among the websites affected.

Trend Micro says that the ad banners attempt to install such trojan horses as RBot, SDBot and Spybot by means of these vulnerabilities. In addition, scripts used in the advertising banners try to get users to install a useless program called PerformanceOptimizer, which merely produces false alarms about contaminants it claims to have discovered, though it only reveals its findings after you have paid a registration fee.

Security researcher Sandi Hardmeier, one of Microsoft's "Most Valuable Professionals", discovered and documented the malicious ad banners. She has also informed operators of ad servers, thereby putting an end to the malicious advertising campaigns that were being conducted on these servers. The ad servers are no longer sending out malicious scripts and banners.

While such attacks on web users are not new, they have not been that common either. Up to now, ad banners in Microsoft Messenger have been affected, for example. In addition, this is not the first time that MySpace has had to deal with malicious ad banners.

Internet users can protect themselves from such attacks by keeping both their operating system and the programs installed up to date. In particular, outdated versions of Flash Player and QuickTime can turn into a nightmare. Security service provider Secunia's Personal Software Inspector is a tool that helps you find disused software installations, for example, and download and install current versions.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735763
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit