Malware Alerts Through EyeWonder Undermining Website Credibility

According to a post on ZDNet Blog available on July 3, 2009, users accessing websites that are well-known and received heavy traffic reported that they could not reach some of their sections because of malware alerts popping up on pages via the communicative digital advertising facilitator EyeWonder.

Understandably, some of the websites that were affected were Mashable.com, BBC, CNN, and Washington Post.

Referring to an instance of malicious software alert that popped up on Mashable.com, security researchers stated that it said visiting the site could damage the user's computer. The mashable.com site includes components from cdn.eyewonder.com the site that seems to host malicious program that could either run without the computer user's knowledge or simply harm his system.

Malware alerts such as one emerging on Mashable.com puzzled site visitors who were confused about the genuineness of the alerts or if they related to any ad scheme that the sites being visited were currently hosting. Consequently, several users desiring to know whether the alerts were real put up questions on the sites they visited.

Due to these problems, the SafeBrowsing advisory from Google about EyeWonder said that the these attack codes were being maliciously hosted on domains of the ColdFusion Injection attacks, reported Dancho Danchev, an independent security professional, through a Blog post, as reported by ZDNet on July 3, 2009.

Elaborating further about the malware assault, Danchev said that through an exploitation of stack overflow error in RealPlayer Import, and another of URL overflow in 'Quick Video on Demand' (QVOD)Player, malware distributors were making efforts to add 8 separate malware pieces to the hijacked sites.

In the meantime, this incident is allegedly raising questions about the credibility of EyeWonder i.e. whether it is related to a malvertising campaign in which malware is inserted into legitimate websites via the EyeWonder ad network or their site really got hijacked via the current Cold Fusion attack of website compromises.

Moreover, Danchev pointed out another important issue. A malware incident of this kind as well weakens the trustworthiness of websites that employ EyeWonder. Therefore, websites must be vigilant about maintaining their reputation amid users.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 7/18/2009