Malware-Laced Banner Ads At MySpace, Excite

It was not for nothing that I led our 2007 Internet security retrospective and 2008 cyber storm forecast with a look at how online crooks are increasingly lurking on high-traffic sites to ensnare new victims. According to security researchers, banner ads that try to install malicious programs are running on social networking site MySpace.com and search portal Excite.com.

If you happen to visit the MySpace Chat Forums without the benefit of the latest security updates for popular Web browsers and media player plug-ins (think Macromedia Flash or QuickTime), your Windows machine is likely to get a kitchen sink full of malware crammed down its gullet. According to analysis by malware researcher Adam Thomas at Sunbelt Software, malicious banner ads on MySpace are pushing down some of the most nefarious and difficult-to-remove adware and spyware around, including Virtumonde, WinFixer, and ClickSpring, as well as a bunch of Trojan horse programs that are very poorly identified and detected by anti-virus programs at the moment.

In related news, Sandi Hardmeier, a Microsoft MVP and security researcher who blogs about the latest spyware threats, found malicious Shockwave Flash content embedded in banner ads running on search portal Excite.com. Hardmeier said the ad redirects the user to a page that tries to install "PerformanceOptimizer," a scareware program that reports false or exaggerated system security threats on the user's computer, mainly in an attempt to get them to buy even more worthless software to clean up the supposed security problems.

As I've noted before, Web sites and ad networks need to do a far better job policing their networks for this type of malicious content. But because much of the current policing for evil stuff in ads is done in an automated fashion, the threat from malware-tainted banner ads on major sites is unlikely to disappear anytime soon. This is a perfect example of why it is so critical for Windows users not to delay installing security updates for all software applications, not just the operating system and the Web browser.

This also gives me another opportunity to plug Firefox in place of Internet Explorer for safer browsing, not just because a far larger share of exploits target IE users, but also because of Firefox add-ons like "noscript" that can help mitigate the damage from attacks like this (almost all of the malicious code in the banner ads was JavaScript-based).

By Brian Krebs  |  January 3, 2008; 4:32 PM ET
Categories:  Latest Warnings  

Comments

And a good opportunity to remind everyone to go to secunia.com/software_inspector and have it automatically test for updates for Java, Quicktime, Flash, etc.

Posted by: Hemisphire | January 3, 2008 5:11 PM | Report abuse

I don't install Quicktime or Flash on my machines and haven't regretted it. It saves you bandwidth, space, eyestrain, annoyance and provides better security.

Posted by: Robert17 | January 4, 2008 1:21 AM | Report abuse

I have seen a pop-up and redirection to a system performance optimizer tool on a Windows machine browsing hotmail.com in the last week. The PC was fully patched and updated and used Firefox but without noscript and adblock plus.

The source for the redirect was a banner ad on hotmail.com served on the user's contacts page. Unfortunately, we were unable to reproduce the redirect and therefore couldn't capture a log file.

As for prevention: The Firefox plugin adblock plus got rid of the banner. Since it is served through live.com, noscript would probably have let it through because scripting by live.com must be enabled to log in. I haven't tested this so anyone feel free to correct me.

Posted by: CL | January 4, 2008 8:39 AM | Report abuse

Along with patching ALL software, the best defenses are a limited user account and a blocking hosts file.

The Importance of the Limited User, Revisited - Security Fix
http://blog.washingtonpost.com/securityfix/2006/05/the_importance_of_the_limited.html

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Also, I would highly recommend against installing Java (too bad Secunia Software Inspector requires it), QuickTime and RealPlayer software, which will limit your system's attack surface, as well as avoiding social networking sites like the plague!!! See http://www.symantec.com/enterprise/security_response/weblog/2008/01/ive_got_a_crush_on_you.html

Posted by: TJ | January 4, 2008 9:48 AM | Report abuse

I knew something was fishy with MySpace. That's why I rarely use it.

Posted by: Emi | January 5, 2008 7:29 PM | Report abuse

That is exactly what I have on my system and it's a SOB. I have been trying to get rid of that for about 4 days now and it's driving me crazy.
Anyone know what the fix is?

Posted by: The Jackal | January 7, 2008 3:21 AM | Report abuse

Brian, you suggest Firefox and mention that this is based on a "far larger share of exploits target IE users." This is not true, but you are correct that using addons such as NoScript (and AdBlock Plus and FlashBlock) will make Firefox MUCH safer than IE.

However, out of the box, Opera beats them both - hands down. (I use Firefox with all the above addons.)

@The Jackal:
I highly suggest Kaspersky for that.
http://www.kaspersky.com

Posted by: Dan | January 8, 2008 1:29 PM | Report abuse

Why do the Opera fanatics always seem to chime in when nobody asked them?

@Dan: it so IS true that IE is the most targeted browser out there. If not IE, which one is?

Posted by: ace | January 9, 2008 9:11 AM | Report abuse

Hey Brian, for truly high security browsing, Lynx. Command-line-based, text-only browser. No Javascript, no plugins...nothing but pure text. Can't hurt ya that way!

@ace: Now, now, the goal is to get people off of Internet Explorer (please, for the sanity of web designers if not for security). If that means Firefox, Opera, Safari, Konqueror, Epiphany, Kazehakase, or Lynx, so be it.

@Dan: Please note that due to its open development process, the existence of all known Firefox bugs is made available to the public. We know how many they have, and how highly they are rated. Firefox even has a tendency to rate possibly-exploitable bugs as being more severe just in case. On the other hand, we only know of the ones Microsoft tells us they are aware of. The actual number of exploitable bugs is anyone's guess. Due to being closed source, we can't necessarily be sure of how many exploitable bugs Opera has either. As far as we know, though, it has been exploited less than IE, so we trust it. FF has been exploited less than IE and is not so ingrained into the OS as to simply be a giant mesh of very large backdoors, so we trust it.

Posted by: Mackenzie | January 16, 2008 1:36 AM | Report abuse

I cannot log into myspace. My email is correct, my password is correct.

Posted by: gerardo | January 20, 2008 4:25 PM | Report abuse

The comments to this entry are closed.

 
 
© 2010 The Washington Post Company