Google DoubleClick Found Serving Malicious Ad
Researchers at Armorize Technologies discovered recently that Google's DoubleClick was serving a banner ad laced with malware.
The malicious advertisement came from a fictitious company called "AdShufffle.com"-a knockoff of the real AdShuffle.com that spells its name with two f's instead of three, Huang explained.
"We've notified the real AdShuffle.com and DoubleClick, and both companies have responded very quickly to the incident," he said. "AdShuffle has taken the details provided by Armorize in attempt to shut down the malicious domains, and DoubleClick has taken measures on Dec. 8 and 9 to ensure prevention of similar attacks. We were pleasantly surprised that both companies worked very quickly upon receiving the information and were very responsible in their actions."
Huang said he did not know how many sites were affected. The malware the company detected installs "HDD Plus" onto the victim's PC. The program produces a fake Windows alert telling victims their computers are infected and then prompting them to purchase a security program to repair them.
A spokesperson for Google said the DoubleClick Ad Exchange malware filters independently detected "several creatives" containing malware and blocks them.
Malicious ads are a significant threat, as they undermine consumer trust in the online advertising industry, noted Craig Spiezle, executive director of the Online Trust Alliance. In its security report for the second quarter of the year, researchers at Dasient estimated that 1.6 million malvertising impressions are viewed online everyday.
"Some large organization and trade organizations are somewhat in denial," Spiezle said. "Conversely, others such as Yahoo are very much willing to work together. ... The supply chain is very complex: advertisers, ad agencies, ad networks, ad exchanges, ad servers and ultimately the site publishers. The systems were built for agility and data collection [analytics], not for security."
*UPDATE: This story was updated to reflect new data from Dasient.