Security - eWeek

Home

Security

Page 2 - Some Ad Networks Are Bad News

	LATEST STORIES
	- IT3 with Eric Lundquist, Sept. 3, 2008 - Douglas Crockford: “I Want a Browser War!” - Zoho Docs Beats Google Apps to SAAS File Man... - Sun Gets Big Traction in Storage Market - Monitoring the Wireless Network

	BEST OF THE BLOGOSPHERE
	iPhone's Mediocre Battery Life Still Beats Rivals The Android Developer Revolt Google Feels Developers' Pain Nokia Launches Location-Aware Chat Client Parallel Processing Transforming Enterprise Computing

	eWEEK EDITORIAL CALENDAR
	For a list of what eWEEK is covering this year, go to our editorial calendar.


	Killing Botnets: A View From the Trenches from McAfee Using Security Compliance Software to Improve Business Efficiency and Reduce Costs from Symantec Using Web Conferencing to Ensure Successful Enterprise Application Deployment from WebEx Communications See All White Papers >


	Security Solutions Build a Successful Security Strategy As enterprises enable remote workers, promote collaborative tools and increase interdependence on global business partners, security challenges grow. Get up to speed on effective strategies, best practices and tools to keep data, clients, servers and mobile devices safe from threats. Join us on Sept. 17 for this interactive Virtual Tradeshow as industry experts, authorities and your peers share the information you need to build a solid security foundation. Register Now!

How Tech Supports Business Initiatives

Planning For IT Continuity

Enterprise Standards For Mobility

How To Manage Virtualization

What Can Green Do For You?

Some Ad Networks Are Bad News

By Larry Seltzer
2007-11-12

Article Views: 1959
Article Rating:

/ 0

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Some Ad Networks Are Bad News - ' Take me out to '
( Page 2 of 2 )

the malware ...">

And Ynet isnt the only news site to be infected with this plague. Its spreading. Tucson Newspapers had a similar attack. That attack, according to a report, was on the site for 10 to 18 days. They say, "Our people reacted very quickly," which seems to be a contradiction.

A third attack, on the Boston Herald, was reported to have come in through a Flash ad on advertising.com. Ive confirmed that the attack is still on the advertising.com site, although its not clear that that specific flash movie is actually being served on any advertising.com customer sites.

The malware-scan.com attack itself is interesting enough (yawn!), but Im basically interested in how legitimate news organizations got to include such obviously undesirable content on their sites. Not only does the attack itself subject the user to malware, but it takes them away from the news site. And yet Ynet hasnt bothered yet to do anything about it, at least as far as I can tell.

In all of these news site cases, Ive seen the redirect performed through the same Flash movie mechanism, but I think the movie was served from three different sources: advertising.com, adtraff.com and in the Tucson Newspapers site all of the ad content appears to be served from tucson.com through Akamai. Ad networks have complicated relationships, but Im definitely confused. Someone is selling this dirty ad, and legitimate sites are getting scammed.

And then, just as I was finishing up this column, we found another one on an even more significant site: MLB.com, the site of Major League Baseball. Its not clear yet where the redirect is coming from, but it goes through newbieguide.com, which hosts what seems to be the same malicious Flash movie, to adverdaemon.com and on to the fake anti-malware ad, which weve seen both at longlifepc.com and fixthemnow.com.

To read about why Googles DoubleClick deal is facing Senate scrutiny, click here.

BTW, yes, of course even eWEEK has ads from outside ad networks such as DoubleClick, recently bought by Google. Is this a risk? At some level yes, of course it is. Both DoubleClick and eWEEK have no history of problems in this regard that I can recall, and I wouldnt tell you to avoid any specific sites, except maybe YNetnews.com.

The point is that Web sites that have content relationships with outside sites need to scrutinize the content coming from those sites. They need accountability from those partners, and they need contingency plans for taking the content down in case theres a problem with it. And someone needs to investigate these malware ad attacks further to find out how legitimate sites can avoid them.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers blog Cheap Hack

MOST READ SECURITY STORIES
PAST 30 DAYS

1 - How eWEEK Got Hacked at Black Hat (30882)
2 - Laptop Sold on eBay Exposes 1M Royal Bank of Scotland (RBS), American Express and NatWest Customers (26039)
3 - Security Software Reviews Done Wrong (23303)
4 - DNS Flaw Underscores Danger of Taking Web Security for Granted (18180)
5 - Microsoft Patch Tuesday Targets 26 Application Flaws (13334)
6 - Red Hat Digital Keys Violated by Intruder (11660)
7 - Is There Also A Russian Cyber War Against Georgia (10943)
8 - Phishers Bite Back with Malware Exploits Linked to Keywords (10218)
9 - Patience Pays Off for Hackers in Web Security War (9897)
10 - NASA Worm Talk Underscores Spread of Online Gaming Threats (9479)

Videos Sponsored by:

EWEEK E-MAIL NEWSLETTERS bring you reliable, timely information to stay on top of the business of technology -- and technology in business -- and get more out of the Web. Make your choices and start your subscriptions today!

EWEEK RSS NEWS FEEDS contain a daily feed of our latest stories from over 30 different categories including Enterprise Apps, Business Intelligence, Security, VOIP and more!

Subscribe to our RSS feeds today for free...

	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos eWeek Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 5 hosted by Hostway.