When Ads Go Bad
A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing responsibility for the racy ads, saying they did not exist on their network and instead were the result of adware or spyware on my source's computer.
Included is a screenshot taken of one of the multiple ads I found on the site, which linked back to Internet dating site True.com. A Neopets.com spokesperson said the ads could not have possibly have been served through its site, and that the ads must have been displayed by malicious software.
"This appears to be a 'malicious' software program and we are aggressively investigating its origin," the company said in an e-mailed statement. "We would never accept this type of ad on any of our company's sites as it doesn't meet any of Neopet's standards."
Neopets could not specify any particular adware or software in existence today that exhibits this type of ad-swapping behavior, but offered to put me in touch with an expert who could talk about how it would be theoretically possible for such malware to exist. Scans with several anti-spyware and anti-virus products returned a clean bill of health on my source's PC.
I've heard of adware and spyware that hijacks search results, and adware that serves pop-up and pop-under ads. But I don't believe I've ever seen end-user malware that replaces legitimate ads with specific, out-of-network ads that just happen to fit the formatting, size and shape of the host Web site.
Here's another snapshot of an ad on Neopets.com for Zango, a notorious adware company that has a long history of advertising its software in the most unusual places.
Eric Sites, a researcher for anti-spyware firm Sunbelt Software, said he's never heard of such adware or spyware either. Sites said some ad networks will give clients a preview of the ads before customers decide whether to deploy them on their sites, while other networks lack that feature.
"The big problem is when the ad network sublets space," to third-party ad networks, Sites said.
Two add-ons for Firefox can let users decide which ads they'd like to see. The "noscript" add-on blocks most ads, and all Flash-based advertisements, unless the user has temporarily or permanently allowed ads from a distributor. The "Adblock" extension takes blocking ads on Firefox to another level entirely.
So what say you, readers? Has anyone heard of or seen adware/spyware that does what Neopets described?
Update, 4:04 p.m. ET:Steve Stratz, a spokesperson for Zango, had this to say in an e-mail today: "We are aware of an issue involving banner ads -- not just Zango ads, but banner ads from a number of prominent online advertisers Â–-- being inserted unexpectedly on inappropriate Web sites, including those focused primarily on visitors under the age of 18. Our security team has been working this issue and has forwarded its findings, which we believe to be a virus, to others looking to stop this problem, including federal law enforcement authorities. We welcome any and all information related to this issue, not to mention the opportunity to more broadly share the findings from our investigation to date and collaborate in tracking down the culprit(s)."
March 10, 2008; 12:34 PM ET
Categories: Fraud , From the Bunker , Safety Tips
Save & Share: Previous: The FDIC Computer Intrusion Report
Next: Microsoft Patches 12 Office Security Holes
Posted by: TeMerc | March 10, 2008 1:04 PM | Report abuse
Posted by: BelchSpeak | March 10, 2008 1:14 PM | Report abuse
Posted by: reswob | March 10, 2008 1:19 PM | Report abuse
Posted by: Fergie | March 10, 2008 1:21 PM | Report abuse
Posted by: Gin/ | March 10, 2008 2:38 PM | Report abuse
Posted by: TJ | March 10, 2008 2:53 PM | Report abuse
Posted by: Ken L | March 10, 2008 4:29 PM | Report abuse
Posted by: rick752 | March 10, 2008 6:31 PM | Report abuse
Posted by: Sean | March 10, 2008 6:51 PM | Report abuse
Posted by: The Dean | March 10, 2008 9:44 PM | Report abuse
Posted by: DOUGman | March 10, 2008 10:24 PM | Report abuse
Posted by: Pete from Arlington | March 11, 2008 9:51 AM | Report abuse
Posted by: Pete from Arlington | March 11, 2008 10:50 AM | Report abuse
Posted by: lurker | March 11, 2008 1:06 PM | Report abuse
Posted by: LawHoo97 | March 11, 2008 1:13 PM | Report abuse
Posted by: Mark Palmer | March 11, 2008 3:21 PM | Report abuse
Posted by: Pete from Arlington | March 12, 2008 10:15 AM | Report abuse
Posted by: Update Your Sun Java | March 12, 2008 11:04 AM | Report abuse
Posted by: Sandi Hardmeier | March 12, 2008 6:55 PM | Report abuse
Posted by: Smudgeoffudge | April 8, 2008 2:58 PM | Report abuse
The comments to this entry are closed.