Google and Microsoft tricked into serving malware ads

December 13, 2010, 2:51 PM
Two major online ad networks, Google's advertising subsidiary DoubleClick and Microsoft's MSN ads service, were found to be serving malware via drive-by download exploits over the last week. A group of attackers tricked the networks into displaying their ads by impersonating ADShuffle.com, an online advertising technology firm.

"Users visit websites that incorporate banner ads from DoubleClick or rad.msn.com, the malicious javascript is served from ADShufffle.com (notice the three f's), starts a drive-by download process and if successful, HDD Plus and other malware are installed into the victim's machine, without having the need to trick the victim into doing anything or clicking on anything," according to security vendor Armorize. "Simply visiting the page infects the visitors."

Once the advertising networks were duped, the malicious banner ads used various exploits to install malware on victims' PCs via drive-by downloads. When a victim visited a site that was displaying one of the malicious banner ads, the user's browser contacted the ad server and pulled in the malicious ad content from ADShufffle. The malicious ad then used JavaScript to exploit one of a number of security flaws and install malicious files on the user's PC. The attacks exploited a wide variety of vulnerabilities in browsers and Adobe Reader.

It's a little worrying that adding a single letter was enough to get the ads past Microsoft's and Google's systems. Thankfully, the ad networks only served the malicious content for a short period of time.
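
The one-letter impersonation described above is the kind of thing an advertiser-intake check can catch. As an added example (not code from the article, Armorize, or either ad network), here is one way to flag look-alike advertiser domains; the allowlist, function names and distance threshold are assumptions made for illustration.

```python
import re

# Constructed allowlist of already-vetted advertiser domains (assumption).
KNOWN_PARTNERS = {"adshuffle.com", "doubleclick.net", "rad.msn.com"}

def normalize(domain: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def collapse_repeats(s: str) -> str:
    """Collapse runs of one character: 'adshufffle' -> 'adshufle'."""
    return re.sub(r"(.)\1+", r"\1", s)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance that also counts adjacent swaps as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_advertiser(domain: str, max_distance: int = 2):
    """Return ('known', d), ('lookalike', partner) or ('unknown', None)."""
    d = normalize(domain)
    if d in KNOWN_PARTNERS:
        return ("known", d)
    for partner in sorted(KNOWN_PARTNERS):
        # Same string once repeated letters are collapsed (the three-f case).
        if collapse_repeats(d) == collapse_repeats(partner):
            return ("lookalike", partner)
        # Otherwise, a small number of typo-style edits away from a partner.
        if edit_distance(d, partner) <= max_distance:
            return ("lookalike", partner)
    return ("unknown", None)

if __name__ == "__main__":
    for name in ("ADShuffle.com", "ADShufffle.com", "example.org"):
        print(name, check_advertiser(name))
```

A "lookalike" result is a reason to hold the submission for manual verification of the advertiser, not proof of malice; short domains will produce some false positives at this threshold.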





User Comments: 12

Guest said:

This is why ff with adblock plus is a must. It's not that the ads are as over the top as they used to be but an untrusted third party can run code on my machine. Also chrome with adblock plus won't work. It is my understanding that chrome still downloads the ads then doesn't display the ads. Chrome's version is more like adhide plus.

captaincranky, TechSpot Addict, said:

Oh, it gets Worse....?

Up to now, I thought the "DoubleClick.net" Tracking cookies WERE the malware!

It's an honest mistake actually, so does all my security software.

No script approval for you DoubleClick.....

Guest said:

This is why ff with adblock plus is a must. It's not that the ads are as over the top as they used to be but an untrusted third party can run code on my machine. Also chrome with adblock plus won't work. It is my understanding that chrome still downloads the ads then doesn't display the ads. Chrome's version is more like adhide plus.

Yeah but look how fast Chrome is! Doesn't that make up for it? Google's ads just need a bit of tweaking. IE, "malware loaded onto your computer faster than any other browser": or maybe, "Chrome excels at making your PC unwell". Then there's always, "Chrome is so fast, your PC won't know what hit it"...!

Guest said:

well can someone from google come over and fix my computer?

captaincranky, TechSpot Addict, said:

Guest said:

well can someone from google come over and fix my computer?

No, but would you mind if they stopped by to photograph your house?

madboyv1, TechSpot Paladin, said:

While unfortunate for those infected, I'm glad it wasn't just google, or wasn't just microsoft. That way people can't lampoon just one of the companies without being pegged as turning a blind eye to what they consider the more favorable company.

Cota said:

adblock is a must have =D. BTW to be honest all the time i close ads on youtube (because is the only ads i see thx to adblock <3) im like "who the * reads this things, even more important do they work?" because for me is only the thingy i close to look the video well.

PanicX, TechSpot Ambassador, said:

captaincranky said:

well can someone from google come over and fix my computer?
No, but would you mind if they stopped by to photograph your house?

HAHAHA.

Cota said:

adblock is a must have =D. BTW to be honest all the time i close ads on youtube (because is the only ads i see thx to adblock <3) im like "who the * reads this things, even more important do they work?" because for me is only the thingy i close to look the video well.

I'm pretty sure everyone reads them. Even in the instant you try to close the ad, you've read it. And yes it works, it turns out that ad marketing is extremely effective, so much so, that entire businesses are based and thrive on it.

mattfrompa said:

madboyv1 said:

While unfortunate for those infected, I'm glad it wasn't just google, or wasn't just microsoft. That way people can't lampoon just one of the companies without being pegged as turning a blind eye to what they consider the more favorable company.

http://imgur.com/5rrHj.jpg

fpsgamerJR62 said:

Just shows that we should always take our online security seriously. Even the major players and our trusted sites can get compromised. Some days I think World Wide Web should also mean Wild Wild West.

Guest said:

I can't imagine surfing without FF +ABP (along with anti-malware software). At first it was for obnoxious ads, now it's for obnoxious ads and malvertising. Every now and then I need to use IE 8, and I'm appalled by what I see on web pages.

Benny26, TechSpot Paladin, said:

You're never too big to get stung eh....Bloody wasps, what are they like?

example1013 said:

Now we can lampoon both companies instead! Apple users rejoice!

Seriously, I've never trusted those ad services anyways. The ads they post always look shady to me.
