In association with heise online

25 February 2009, 15:01

Malicious advertising banners distributed by eWeek

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

eWeek, an online magazine, has become the victim of an advertising campaign that sends users malicious code, instead of the expected colourful advertising images. According to security expert Websense, an advertising banner, distributed via yesterday (Tuesday) tried to install the Anti-Virus-1 scareware on visitors' computers using a malformed PDF document. The software reportedly pretends it has found a system infection to trick users into buying a full commercial version of the program.

eWeek has now responded and stopped the malicious advertising campaign. In a statement regarding the incident, eWeek said that not only, but other web sites, within the Ziff Davis network, deployed the malicious banner. According to the statement, the attackers targeted an old security hole in Adobe Reader rather than the, as yet unresolved, security issue recently found in Adobe products.

Attacks via malformed Flash ads are actually quite common. The affected portals struggle to protect themselves against this method, because the banners are usually marketed by external contractors, who in some cases use their own servers to deliver advertising content to website visitors. Among the portals compromised last year were, for example, Myspace, and a number of popular daily newspapers.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit