Security Bytes

Sep 24 2009   1:42PM GMT

Attackers target PDF, DirectShow flaws with malicious banner ads

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

Advertising networks DoubleClick, YieldManager and FastClick have supplied a series of malicious banner ads to several popular legitimate websites this week.

Security vendor ScanSafe says it has discovered a series of malicious banner ads appearing on popular websites, including drudgereport.com, horoscope.com and lyrics.com. While the discovery is far from groundbreaking, it supports the recent SANS Institute report showing legitimate websites increasingly being targeted by attackers.

Making it even more difficult for legitimate website owners is the third-party relationship they have with popular advertising networks. Let’s face it, advertising networks is what keeps many websites afloat. Without DoubleClick, YieldManager, FastClick and others many website owners wouldn’t be able to get a snapshot of their audience or provide relevant visitor data to potential advertisers. In this case it appears that the three ad networks I named inadvertently delivered the malicious ads.

From ScanSafe:

The malicious ads delivered PDF and DirectShow exploits engineered to silently install a Trojan downloader. The installed malware attempts to download further malware, intercepts and tampers with Web searches and can redirect the user to sites other than expected – including sites that can lead to further malware infestation.

The malicious ads appeared on the sites between Sept. 19-21. They took advantage of another rising concern highlighted in the SANS report – client applications not being fully patched. In this case, the attackers were targeting PDF and DirectShow flaws – updates that should have been applied to client machines.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: