Google Says 15% of Malware is Fake Antivirus Ads

The next time you are browsing the web and see a pop-up offering you antivirus software or alerting you that your computer is infected and needs repair, be very cautious. It is quite likely that the pop-up is an advertisement intended to infect your computer with malware. Don’t assume you are safe just because you’re looking at a web page from a major media company like the New York Times or an ad served by Google or Yahoo, either. All of these and more are having problems with their advertising services being subverted into malware distribution systems.

Google analyzed the malware threats it found on web sites from January 2009 to February 2010 and discovered that about 15% of such threats appear as antivirus pop-ups or other similar warnings. Some are calling this infection mechanism “scareware” because it is designed to dupe the user into doing what the attacker wants by causing fear and uncertainty. The percentage of malware being spread this way is increasing.

Even large and reputable web sites are being afflicted with this scourge. As Elinor Mills of CNET reports in her article “Ads–the new malware delivery format”, even sites like the New York Times are being used to infect computers with malware because advertising networks are subverted to serve malware ads. Neither the web sites hosting the ads nor the advertising networks serving them may know about it until users start reporting infections.

(from Ads–the new malware delivery format)

By sneaking fake ads onto a high-profile site, the scammers are likely to net more victims than by targeting smaller sites.

“I think there is a problem with ad networks, in general,” said Graham Cluley, a Sophos security researcher. “The problem really is with Web sites handing over control of some of their content to third parties.”

The rogue ad on NYTimes.com was delivered by an unknown ad delivery firm after the newspaper agreed to run an ad for a week from a company posing as Internet telephony provider Vonage, according to New York Times spokeswoman Diane McNulty. Initially, a legitimate-looking ad was running, but that was switched with the fake antivirus alerts, possibly on Friday, she said.

The malware installation is generally triggered by the user clicking on the ad. Alarmingly, newer Flash-based advertisements can spread malware even without user interaction.

The types of malware spread by this route range from bots designed to be remotely commanded in denial of service attacks, to keystroke loggers searching for passwords, names, and other confidential information, to spyware that searches computers for financial data and reports what it finds back to the attacker. Identity theft, financial crimes, and building networks of compromised computers to use for these and other attacks are often the goals of such malware. Corporate and international espionage is another typical goal. Some attackers may simply be out to collect dirt on their former employer, ex-spouse, or other adversary for use in blackmail or reputation assassination.

Nobody should be running a PC connected to the Internet without some kind of defense against malware. Thankfully there are multiple free programs available to help defend personal computers from attack. We previously described our positive experience with Microsoft’s free Security Essentials program in our article Virus and Malware Protection On The Cheap Via Microsoft Security Essentials.

Further Reading

Google: Fake antivirus is 15 percent of all malware

Ads — the new malware delivery format

McAfee, Adgregate unveil anti-malware for Web ads

How one company stays safe with two networks

Virus and Malware Protection On The Cheap Via Microsoft Security Essentials

Framed for Child Porn by a PC Virus
