    DoubleClick Serves Up Vast Malware Blitz

    By Lisa Vaas - November 12, 2007

      Rogue anti-spyware software that pushes fraudulent PC scans has found its way onto DoubleClick and legitimate sites, including CNN, The Economist, The Huffington Post and the official site of the Philadelphia Phillies.

      DoubleClick officials told eWEEK that they have recently implemented a security monitoring system to catch and disable a new strain of malware that has spread over the past several months. This system has already captured and disabled about 100 ads, the company said in a statement, although it didn't mention this episode in particular.

      The bogus anti-spyware onslaught is only part of a bigger wave that's also included porno ads being swapped for normal ads on sites such as The Wall Street Journal. It's not yet clear whether the same fraudsters are behind both the porn and the fraudulent anti-spyware ads.

      Sunbelt Software has confirmed that Trojans were being downloaded from ads served by DoubleClick as recently as Nov. 11. This malware is the kind that repeatedly pops bogus warning messages about computer infections in users' faces until they give up in despair and pay $30 to $40 for a junk “security” program.

      “The stuff that's installed is this rogue anti-spyware software that … gives you fake alerts, [such as] 'Your computer is infected, you must run this.' Basically it's extortion. … They try to push you to buy their software,” Sunbelt President Alex Eckelberry told eWEEK.

      The malware application is a variant on WinFixer, a piece of malware that pretends to be a diagnostic tool.

      These aren't Trojans that steal account information, but they are illegal due to misleading advertising and other statutes. “It just pummels you with these alerts that your machine is infected, your machine is infected. It just wears you down. It's not stealing information, it's not a virus. It just convinces you to spend $30 to $40 to buy their absolutely garbage application. Once it gets on your machine, it will pound you. Every time you start up your machine,” it will pester users with bogus scareware warnings, Eckelberry said.

      He said Sunbelt will be contacting the Federal Trade Commission Nov. 12.

      The reach of DoubleClick, one of the Internet's largest online advertising services, is vast, to the extent that the scope of the impact is unknown. However, the only sites at risk are those that signed agreements with the advertiser that is distributing the malware in question, a German marketing company called AdTraff.

      It's not DoubleClick that is ultimately responsible. DoubleClick is an ad-serving platform that only provides the technology used by publishers to deliver ads from advertisers with whom the publishers have signed agreements. DoubleClick does not directly deal with the advertisers, although it does attempt to protect its clients from malicious code masquerading as advertisements by checking on materials stored in its database.

      “We view the security aspect as one part of our service, but we make it clear to [clients] that they have to do sufficient quality assurance,” said Sean Harvey, senior product manager for DoubleClick's ad management platform. “They have to be checking with advertisers to make sure they're legitimate, and to make sure the creative is not malicious.”

      Recently, DoubleClick discovered one company in particular that was trying to sign direct deals with publishers. DoubleClick found that the rich media ad in question was clean but called an external file that would in turn call something else, in a “very creepy, encrypted kind of way,” Harvey said. “It was very hidden, very hard to see what was going on, and it would call [a] malware site.”

      Because of that find, DoubleClick has since deployed a mechanism for scanning advertising material, not because it's responsible for the safety of the materials that customers store in its systems, Harvey said, but as a service to its customers and to protect its reputation.

      The sites involved—The Economist and the others—are ultimately responsible for any malicious code delivered through their ads or sites.

      EWEEK's publisher, Ziff Davis Enterprise, is a DoubleClick customer. ZDE's networks have not been infected with the ads, most of which are associated with affiliate marketers.

      On Nov. 12, Web sites' marketing professionals were flooding industry e-mail lists with reports of complaints from readers that they have been receiving inappropriate ads. Marketing professionals have complained of their ad servers being “hijacked” at sites, including The Wall Street Journal, Discovery and BizJournals. It's not that the servers have been hijacked, Harvey said, but rather that a toolbar or some other mechanism is overlaying the intended ad with inappropriate content.

      “It looks like we are all in the same boat,” one marketer said in a message to the mailing list.

      Another marketer said his company had already shut down one of its networks that was devoted to serving up ads and had suspended all third-party ads on another site.

      It's not clear yet whether all the sites are having the same problem, given that some sites are delivering the bogus anti-spyware and others are experiencing normal ads being replaced with ads for porn or other inappropriate material.

      As for the bogus anti-spyware code, its origin is the German company AdTraff.com. AdTraff had not responded to inquiries as of the time this article posted. Google, which has proposed a $3.1 billion buyout of DoubleClick, declined to comment.

      Harvey said in a statement that this is “an industry-wide challenge; unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment.”

      Even as DoubleClick monitors its online environment for malware—it has a dedicated team that works around the clock on the issue—malware writers are working to adapt to its new security measures, Harvey said in the statement.

      “As with any system (Norton, McAfee, etc.) designed to root out bad actors, there are going to be times when the bad actors are a step ahead—when this occurs, we immediately cease serving the infected ads, and then work to refine our system so that similar ads are captured and disabled before they are ever served (just like when Norton provides a patch in response to a new threat),” the statement said.

      DoubleClick has alerted its clients, particularly publishing clients, of the need to pay close attention to the advertisers, agencies and networks with which they work.

      When clicked on, the bogus anti-spyware ad presents in the lower right-hand screen corner a dialog box informing users that their computer is infected and that they need to download a scanner immediately.

      Warning: If clicking on the following link, do not click “OK” to any dialog boxes; instead, simply close out the browser window. This is a link to the bogus infection scan that's presented to victims. Eckelberry said that the Trojan consistently reports that malware has been found even on systems known to the security firm to be perfectly clean.

      Sunbelt and other security researchers see this type of misleading ad, which uses convincing warning dialog boxes that look like legitimate Windows messages, on a regular basis.

      Adam Thomas, a researcher at Sunbelt, said the IP address for the AdTraff.com ads overlaps with those used by Innovative Marketing, which has a long history of misleading on the Internet. AdTraff.com's domain registration also lists the same Yahoo.com e-mail address as Innovative Marketing, Thomas said.

      “These guys are just slimy advertising guys,” Eckelberry said.

      Ad hijacking is a constant problem, Eckelberry said. That makes it essential that online publishers and others who serve ads vet the advertisers to whom they hand their space—and their visitors' eyeballs.

      Editor's Note: This story was updated to include comments from Sean Harvey, to correct its original depiction of DoubleClick's culpability and to clarify Web publishers' culpability in serving malicious code.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
