Second Malvertising Attack on Celebrity News Website of UK
The well-known showbiz and celebrity news website, Digital Spy, has reportedly been attacked by malware advertising or malvertising for second time over the past few weeks.
The incident began when some readers posted reports on the official forum of Digital Spy, claiming that when they accessed the site, www.digitalspy.co.uk, they found third-party web-pages on their screens. Some readers also complained that they had got alerts from their AV software and compromised connections, representing instances of malicious activities. Sometimes, the fake websites even appeared to contain malevolent material that activated users' antivirus programs.
In the beginning, it appeared that the problem occurred only on selected systems since many other visitors to the Digital Spy's site did not complain of finding any peculiar activity. Nonetheless, a Digital Spy employee 'James Welsh' states during the discussion that a lot of subscribers, who reported complaints, were located outside the UK, as reported by SoftPedia on July 21, 2009.
Welsh observed that it was not possible to reproduce the problem from the London-based office of the company. However, personnel for advertising operation were probing into the matter. Ultimately, Welsh came back and confirmed that the problem had emerged with advertisements hosted on the site.
Meanwhile, reports state that the incident of malvertising on Digital Spy is not new. In the initial days of June 2009, malicious and fake ads shown on the site attempted at harming visitors via installations of scareware programs through PDF exploits. The disturbing advertisements were being sent from a network of advertising, which according to antivirus specialists, were outrageously dodgy.
Since Digital Spy receives enormous traffic in which surfers jump in for celebrity gossips, the attack could result in huge hazards, warned the security researchers.
Elucidating on the issue, the researchers stated that malware-spreading ads had become quite a common medium for attack over the recent years, chiefly on account of difficulty in tracking or blocking them. Cyber miscreants have steadily demonstrated their capability of evading the security systems of even major advertising networks like Google, the researchers said.
» SPAMfighter News - 13-08-2009