Online ads infected with a Trojan virus have been delivered to users of numerous high profile sites participating in Yahoo-owned Right Media’s online ad exchange, according to Web security firm ScanSafe.
ScanSafe reported that during a period beginning August 8th and lasting until early September, it saw a surge in the number of a Trojan-Downloader.VBS.Agent it was blocking. The virus was being unknowingly distributed by over 70 Right Media ad servers, which Scansafe estimates delivered up to 12 million infected ads in recent weeks. Myspace, Bebo, Photobucket and The Sun were among the sites carrying virus-laden ads.
Although declining an interview, a Right Media spokesperson issued a statement saying, “We became aware of a Trojan [advertisement] introduced into the Right Media Exchange by a member network. The ad has been identified as a high risk creative and banned from the exchange”.
The Trojan itself required no interaction from the user to infect their machine, meaning that insufficiently patched operating systems were vulnerable simply by browsing to a page containing the ads. The adverts were being delivered to Right Media’s network from a third-party ad server, which was rotating both legitimate and infected ads. The infected placements delivered a Flash file generating an invisible ‘iFrame’, which prompted the download of a Trojan executable file.
In a recent press release, Dan Nadir, vice president for product strategy at Scansafe said “this is another example of how legitimate ‘trusted’ Web sites can unknowingly host malware. Online ads have become a primary target for malware authors because they offer a stealthy way to distribute malware to a wide audience”.
On its Web site, Right Media describes how each newly uploaded creative is run through a series of 10 tests in order to detect malicious activity. ScanSafe suggested the infected ads were designed to distinguish between scanning servers and regular site servers, and to deliver to the former ads with no malicious code to avoid detection.
Right Med’s spokesperson did not discuss future plans to prevent future incidents of this nature, but said the ad exchange is “committed to finding ways of keeping this type of activity away from consumers and publishers”.
The use of online advertising as a delivery mechanism for malware appears to be a rising menace. A report released earlier this summer by the Finjan Malicious Code Research Center found a rise in the use of affiliate ad networks to infect computers with keystroke loggers and other malicious code.
Amazon Prime was launched in 2005 as an express shipping membership program and more than a decade later it has tens of millions of subscribers who enjoy a lot more than just free, fast shipping on millions of products Amazon sells.
Here we take a look at sales and abandonment data from the 2016 Christmas shopping season.
Facebook isn't just the world's largest social network. In the past two years, it has also become one of the world's most popular online destinations for consuming video content.
This past November Google announced that it was starting to test indexing their mobile index as the primary index above desktop.