Malicious ads seem to be everywhere (well, hopefully not this site) if you read reports from the industry.
Trend Micro describes how sponsored ads on Bing and AltaVista (now part of Overture) lead the user to fake anti-virus, a.k.a. "scareware" ads. Trend detects the file, named MalwareRemovalBot.exe-1, as TROJ_FAKEAV.DMZ. Click the link and soon fake security software is finding non-existent threats on your system.
A report in Computerworld tells a story of a new instance of another old story, compromised ad networks pushing malicious code on legitimate sites.
The victims in these attacks were the Drudge Report, Horoscope.com and Lyrics.com. The New York Times and Philadelphia Inquirer were similarly hit recently. The article mentions a similar episode in February for which I was involved in incident response.
In this case, as in the February case, the attach was not scareware but malware delivered and installed on the system through various software vulnerabilities. The primary one was an unspecified Acrobat vulnerability, but some versions of the attack used an old and patched flaw in Microsoft's DirectShow. As well in both cases, Google's DoubleClick was the compromised ad network.
Your best defense against these attacks is both common sense in browsing and updated software. Patch your operating system and applications and you can surf horoscope.com all you wish and your future will bring happiness and prosperity. Be on the lookout for scareware attacks; the only scans and warnings you should see are the ones from your own security software.
没有评论:
发表评论