DoubleClick Serves Up Vast Malware Blitz

By Lisa Vaas  |  Posted 2007-11-12

On Nov. 12, Web sites' marketing professionals were flooding industry e-mail lists with reports of complaints from readers that they have been receiving inappropriate ads. Marketing professionals have complained of their ad servers being "hijacked" at sites including The Wall Street Journal, Discovery and BizJournals. It's not that the servers have been hijacked, Harvey said, but rather that a toolbar or some other mechanism is overlaying the intended ad with inappropriate content. "It looks like we are all in the same boat," one marketer said in a message to the mailing list.
Another marketer said his company had already shut down one of its networks that was devoted to serving up ads and had suspended all third-party ads on another site.
It's not clear yet whether all the sites are having the same problem, given that some sites are delivering the bogus anti-spyware and others are experiencing normal ads being replaced with ads for porn or other inappropriate material.
As for the bogus anti-spyware code, its origin, the German company AdTraff, had not responded to inquiries as of the time this article posted. Google, which has proposed a $3.1 billion buyout of DoubleClick, declined to comment.
Harvey said in a statement that this is "an industry-wide challenge; unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment." Even as DoubleClick monitors its online environment for malware—it has a dedicated team that works around the clock on the issue—malware writers are working to adapt to its new security measures, Harvey said in the statement. "As with any system (Norton, McAfee, etc.) designed to root out bad actors, there are going to be times when the bad actors are a step ahead—when this occurs, we immediately cease serving the infected ads, and then work to refine our system so that similar ads are captured and disabled before they are ever served (just like when Norton provides a patch in response to a new threat)," the statement said.
DoubleClick has alerted its clients, particularly publishing clients, of the need to pay close attention to the advertisers, agencies and networks with which they work.
When clicked on, the bogus anti-spyware ad presents a dialog box in the lower right-hand corner of the screen informing users that their computer is infected and that they need to download a scanner immediately. Warning: If clicking on the following link, do not click "OK" to any dialog boxes; instead, simply close out the browser window. This is a link to the bogus infection scan that's presented to victims.
Eckelberry said that the Trojan consistently reports that malware has been found even on systems known to the security firm to be perfectly clean. Sunbelt and other security researchers see this type of misleading ad, which uses convincing warning dialog boxes that look like legitimate Windows messages, on a regular basis.
Adam Thomas, a researcher at Sunbelt, said the IP address for the ads overlaps with those used by Innovative Marketing, which has a long history of misleading on the Internet. AdTraff.com's domain registration also lists the same e-mail address as Innovative Marketing, Thomas said.
"These guys are just slimy advertising guys," Eckelberry said. Ad hijacking is a constant problem, Eckelberry said. That makes it essential that online publishers and others who serve ads vet the advertisers to whom they hand their space—and their visitors' eyeballs.
Editor's Note: This story was updated to include comments from Sean Harvey, to correct its original depiction of DoubleClick's culpability and to clarify Web publishers' culpability in serving malicious code.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
