Fake Banner Ads Attack Popular Websites
A widespread Web attack involving fake advertisements, which are malicious in nature and are capable of evading content scanning, is infecting visitors of famous Websites. The attack has come to the notice of a Web security firm.
In the first week of September 2007, researchers at ScanSafe started to observe a large number of phony banner ads getting posted on Websites with heavy traffic and on user generated Websites. These ads on sites like Photobucket and MySpace attempted to plant a Trojan without user interaction, ScanSafe's Vice-President of product strategy, Dan Nadir told SCMagazineUS.com that published it on September 7, 2007.
Computer systems that do not have a patch for a certain Microsoft ActiveX flaw that was revealed in February 2007 are vulnerable, warns Nadir.
ScanSafe has estimated that about 70 ad servers may have delivered approximately 12 Million of the aforementioned malicious ads. The Trojan they dropped is called VBS.Agent.n.
The origin of these banner ads has been traced to an ad network run by a company known as RightMedia. The company is now under the ownership of Yahoo!. The banner ads were sent to RightMedia from a third-party advertisement server.
ScanSafe explained that these separate third-party ad servers rotated various malicious ads, which, with the help of Macromedia Flash files, planted an iFrame not visible to the eye. iFrame is used to insert content from some other Website into the current Website. This iFrame would then download a malicious code that took advantage of vulnerability in Internet Explorer browser of Microsoft to drop a characteristic Trojan horse.
The danger of the attack is particularly because there is no need for users to click a malicious link to infect their systems, and also because the filters are also incapable of detecting the threat.
A spokesperson for RightMedia said that after the ads' were identified, they have been banned. But the company can't control whatever occurs in other areas of the Net. However, it was committed to upgrade its protective tools and find ways to keep consumers safe from such activities, the spokesperson added. WashingtonPost published this on September 10, 2007.
Last summer in 2006, there had been faulty banner ads targeting popular social networking sites. The ads hosted metafile vulnerability in Windows allowing drive-by downloads.
Related article: Fake Spam Mail Announces Australian PM’s Heart Attack
» SPAMfighter News - 26-09-2007