The trick with the f: Google and Microsoft web sites distribute malware
Last week, Google's DoubleClick advertising platform and Microsoft's rad.msn.com online ad network briefly distributed malware to other web sites in the form of advertising banners. Visitors to MSNBC.com and other web sites then received scareware. Although according to a Google spokesman, the malware filter in the "DoubleClick Ad Exchange" system did automatically block a number of malicious ads.
Third-party advertising banners distributed via DoubleClick and rad.msn.com were the source of the attacks. Apparently, criminals managed to appear as if they came from AdShuffle, an established advertising platform, simply by using their own server with an address reading AdShufffle.com (three fs). The banners were downloaded from this server.
In user's browsers, the banners opened an iframe, where the Eleonore toolkit attempted to exploit holes in Java and Adobe Reader to infect PCs. The infection presented itself as a hard drive recovery tool called HDD Plus, which told users they had a hard drive problem and tried to convince them to purchase a full version of the bogus tool.