Perimeter e-Security Disclosed a Fake Antivirus Serving MLB.com

Security experts from security firm Perimeter e-Security have found that the Major League Baseball (mlb.com) site has been distributing fake antivirus malware through a compromised ad network.

"Over the past week, we (Perimeter e-Security) noticed that various customers trying to download several "fake antivirus" malware had approached MLB.com instantly before attempting to install. We suspected an infected ad network, though we require the proof. Once the page is refreshed, MLB.com for 20-30 times, we were ultimately given the [malicious] redirect...," Perimeter e-Security report explains.

This particular drive-by attempting to download actually needs some user interaction. Once "Clean Computer" is clicked, the user is driven to download the file setup.exe containing actual fake-AV program. Like most fake-AV programs, it fakes scanning the victim's computer, find all files that are claimed as infected, and then endeavors to obtain the victim to purchase the "Full Version" to take away the non-existent threats for the low, low price of $99.99. This specific variant presents itself as "Windows Secure Web Patch". However, the program is fraudulent.

After analyzing the packet captured during the process of infection, Perimeter e-Security confirmed itself from the website adginserver.com, an ad server referenced by MLB.com.

Later on, it (Perimeter e-Security) claimed that the precise advert that provides the fake-anti-virus is on upon the MLB news page and spots to plentywatch.com. However, the banner image is collected on gipcampaign.com, injected with an IFRAME that readdress to adginserver.com.

However, the MLB's page rotates its ad display instantly, and thus every visit does not exhibit this malevolent advert, but as MLB.com secures the 77th position in the US and 344th globally, and approximately 3.24 Million, consumers think that these pages every day. Though the advert were only exhibited once every 100 page views it would influence over 300,000 PCs.

Early last year (2012), the public website for the London Stock Exchange was hit by a similar campaign when one of the online ads turned out to be malicious.

Online advertisements are a significant problem because of which several Internet companies (like Facebook, Twitter, and AOL) recently banded together to fight malicious online ads, commented Maxim Weinstein, the Ads Integrity Alliance Executive Director, which was published by Security Watch on June 19, 2012.

Related article: Parents Should Protect Their Children from Social Networking Danger

» SPAMfighter News - 7/3/2012