Malicious banner ads appear on Expedia, Rhapsody sites

By duschang at 2:41 pm on February 2, 2008 | 1 Comment

http://www.scmagazineus.com/Malicious-banner-ads-appear-on-Expedia-Rhapsody-sites/article/104827/

Recently, malicious ad banners that deliver malware had appear on both Expedia and Rhapsody.  Clicking on the malicious flash ad banner, SWF_ADHIJACK.A, leads to several re-directions, which eventually result to the installation of a rogue antispyware detected as TROJ_GIDA.A.

They are definitely not  the first victims, as there have been reports of such discovery on other popular websites, such a MBL and NHL(www.crn.com/security/203101675).  However, what surprised me is that Expedia and Rhapsody, both being web-oriented company, failed to prevent such ads from reaching the site.  Unlike MLB.com, both Expedia and Rhapsody  have the knowledge and expertise to easily identify such malicious banners.  They just decided not to filter ads provided by ad-serving network.

Filed under: Current Events1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by chrislim

    February 2, 2008 @ 11:19 pm

    Well, after reading the article, it seems that Expedia and Rhapsody and really most sites (as you stated at the end) are simply leveraging the services of ad networks which act as middle-men between advertisers and advertising space providers. They do not directly interact with people who want to advertise on their site and so do not immediately have a way to vet their ads. If they were to filter out unwanted ads, it may violate the agreements and guarantees they have made with/to the ad networks (although it is curious that Expedia was able to pull the popup ad that slipped through its system)

    Perhaps this will become an area of competitive advantage for ad networks (which I believe are in a pretty crowded space now), those who can maintain a higher quality of assurance (@ least in terms of security), may be able to attract more companies that want to open their sites to serve ads, while ensuring an excellent user experience.

    I noticed the recommendation at the end which mentioned a new class of blockers–a flash blocker…I wonder if this feature will become standard in future versions of IE/Firefox the way banner ad blockers have. It seems like an important feature as these kinds of attacks increase.

RSS feed for comments on this post