Scammers Use Advertising Medium to Distribute Malware

Security researchers have found that hackers and spammers in a novel and sophisticated approach are pretending to be agency executives who directly connect with reputed publishers and infect them with malware, as per the news published by Advertising Age on November 2, 2009.

Describing the method of the attack, the researchers said, someone pretending to be a marketer or high profile agency official contacts a publisher over e-mail, which displays a convincing domain such as hyundai-inc.com or vonage-inc.com, and places a request for arranging a campaign, usually during the nearest weekend. However, the ad is malicious as it installs malware that keeps on harvesting the personal identification details of the user until the victim becomes aware of it.

Moreover, CEO Michael Caruso of ClickFacts, a company for online security which functions in collaboration with News Corp, said that the spammers are daring and have money. These crooks are well-aware of Internet advertising and probably have been part of the industry, or their knowledge is sufficient to persuade people engaged in sales, Caruso added. Ad Monsters published this on November 2, 2009.

By featuring bogus advertisements on a reputable website, chances are that the scammers would victimize more people than they would have by posting them on smaller websites. But a lot of ad networks do manual scanning of ads that could help to easily change ad content.

Besides, scammers can place a malicious advertisement anywhere since websites frequently engage other firms for selling their ad supply, the researchers said. An example of this is the Trojan-laden banner ads of 2007 that certain ad network had been producing through the Right Media Exchange of Yahoo to high-traffic websites like Photobucket, Bebo, MySpace, etc.

Apart from this, Gawker Media has been the latest victim, which ran a campaign during the 4th week of October 2009, installing malicious software on computers accessing Gawker sites over several days at a stretch, until the ad was detected.

Finally, the researchers stated that the said attacks represented an increasing advancement among hackers who attempt at making advertising a medium to spread malicious programs. Consequently, it is important that users act judiciously while clicking on advertisements, they concluded.

Related article: Scammers Exploit Tax System Resulting in ID Theft

» SPAMfighter News - 11/17/2009