Don't Get Web 2.0wned

A recent attack in which tainted banner ads served up rogue software for visitors of popular sites such as drudgereport.com, lyrics.com and horoscope.com is a stark reminder of the importance of keeping up-to-date on software patches.

According to Web vulnerability scanning firm ScanSafe, between Sept. 19 and 21, tainted ads that tried to foist malicious software cycled through some of the Web's most popular destinations (drudgereport.com receives more than a million visitors per day, according to compete.com).

Unlike the attack last week from rogue ads on the New York Times Web site - which heaved bogus anti-virus software onto visitors' systems - this series of bad ads sought to drop a Trojan horse that hijacks the victim's search results, ScanSafe found.

The hostile ads tried to exploit several software vulnerabilities in order to drop the search hijackers onto victim PCs. One was a Microsoft Windows/Internet Explorer vulnerability that Redmond issued a patch to fix in July. The attackers also exploited several flaws in Adobe Reader and Acrobat, infecting systems that were missing the latest updates for those programs, ScanSafe found.

If you're putting off patching the operating system or common apps like Reader and hoping your anti-virus software will save you from these attacks, consider this: ScanSafe discovered that just 3 out of 41 anti-virus scanning engines in use at Virustotal.com detected the dropped Trojans as malicious.

If you have trouble remembering to install updates, consider using a free program like Secunia's Personal Software Inspector, which periodically alerts users about outdated, commonly-used software titles. The company also offers an online scanner (requires Java).

Please join me at 11 a.m. ET today for Security Fix Live, where I have a go at answering your questions about technology, security, and privacy. Can't wait until then? No problem: Send me a question in advance.

By Brian Krebs  |  September 24, 2009; 11:24 PM ET
Categories:  Latest Warnings , Safety Tips , Web Fraud 2.0  | Tags: adobe, microsoft, scansafe  

Comments

Also Bit-Defender 2010 Total Internet Security is now offering the capability to scan for current updates.

Posted by: brucerealtor@gmail.com | September 25, 2009 3:09 AM | Report abuse

What about Mac OSX? What about Firefox?

Posted by: Andrew53 | September 25, 2009 8:54 AM | Report abuse

Why is the onus on the user to scan for bad ads? Doesn't the Web site have some responsibility here? I find that the biggest problem is the "hand-off" to ad sites to populate the pages with ads, which not only introduces a security risk, but very often seriously delays loading of the page! And we continue to put up with this nonsense, like sheep.

Posted by: bbten | September 25, 2009 9:38 AM | Report abuse

Anyone who would go to a horoscope site is already too gullible to protect themselves for long.

Posted by: GWGOLDB | September 25, 2009 10:25 AM | Report abuse

re: "I find that the biggest problem is the "hand-off" to ad sites to populate the pages with ads, which not only introduces a security risk, but very often seriously delays loading of the page! And we continue to put up with this nonsense, like sheep."

The Mercedes ad that has a magnifier on the WaPo's sudoku page this week is a bear. It crashes my up-to-date Flash and Firefox. I don't block ads as I see them as part of the price I pay for access to the WaPo and other sites, but it was so I was hitting the refresh to get the rotator to serve a different ad every time I saw that one - no easy place to report such problems either. It took a bit of experimentation to figure it out initially, but I'm convinced that was the culprit. If ad revenue is to support content then it should be clean and bug free.

Posted by: kiosk | September 25, 2009 10:31 AM | Report abuse

I bet the sales rep that sold the hackers the ad space gets to keep his or her commission. I'm sure there's nothing in place to remove commissions on malware ads. Until that changes, this will keep happening. It's not the first time that this has happened. Ben Edelman's site has a long list of advertising hacks. Hackers typically place the ads for the weekends because it takes longer for newspapers to respond.

Posted by: larry39 | September 25, 2009 11:07 AM | Report abuse

For Firefox users, you can get the AdBlock Plus extension from mozilla.com to block ads (click on the link for Add-Ons).

For all Windows users, you can replace your default HOSTS file with a customized HOSTS file that blocks connections with known ad servers. A good one is from www.mvps.org (type in "Hosts file" in the Google search box on that site).

Replacing your HOSTS file isn't rocket science but you must be careful as you are messing with a Windows system file. You need administrator rights to do this replacement. Read the instructions on the mvps website.

My advice is to rename the default HOSTS file to something like "HOSTS_original.txt" and then copy & paste the new HOSTS file into the same directory. You have to do a full restart of Windows for the change to take effect.

You may need to periodically swap in a newer HOSTS file to keep your ad blocking effective. MVPS updates their HOSTS file every 1-2 months.

Posted by: taskforceken | September 26, 2009 12:07 AM | Report abuse
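A check worth running on any downloaded blocking list before it replaces the system HOSTS file, as described in the comment above (an added example, not part of the original post or comments): every entry should only sinkhole a name, never point it at a routable address. The function name, the set of accepted sinkhole addresses, and the sample data are assumptions made for this illustration.

```python
import ipaddress

# Assumption: a blocking-only hosts file points names at loopback or the
# unspecified address and nowhere else.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that normally map to loopback and are not ad-server blocks.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (blocked_names, findings) for the contents of a hosts file.

    findings lists (line_number, reason) for every line that does something
    other than sinkhole a name, so it can be reviewed before installation.
    """
    blocked, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = str(ipaddress.ip_address(addr))  # normalised form
        except ValueError:
            findings.append((lineno, f"not an IP address: {addr!r}"))
            continue
        if not names:
            findings.append((lineno, "address with no host name"))
        elif ip not in SINKHOLES:
            # A non-sinkhole mapping redirects traffic for that name elsewhere.
            findings.append((lineno, f"{', '.join(names)} redirected to {ip}"))
        else:
            blocked.update(n.lower() for n in names if n.lower() not in LOCAL_NAMES)
    return blocked, findings


# Constructed sample, not taken from any real hosts file.
SAMPLE = """\
# blocking list (constructed example)
127.0.0.1  localhost
0.0.0.0    ads.example.com   # banner server
0.0.0.0    tracker.example.net
203.0.113.7  www.example-bank.test
bogus-line ads.example.org
"""

if __name__ == "__main__":
    blocked, findings = audit_hosts(SAMPLE)
    print(f"{len(blocked)} names blocked")
    for lineno, reason in findings:
        print(f"line {lineno}: {reason}")
```

Any finding means the file does more than block, and those lines should be read by hand before the file is copied into place.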

What about using opendns.com? That seems to block a lot of the ads for me.

Posted by: PostSubscriber | September 26, 2009 10:48 PM | Report abuse

Ok, I can't do without Windows for a few apps (including my webcam for Skype) that don't work in Ubuntu. But I'm once again double booted, and I do all my web browsing in Linux Ubuntu, including using its firewall. The Firefox edition for Ubuntu even lets me print the screen to pdf, so I can save important screens for archives.

The question to ask is: Even though Microsoft is hurriedly trying to patch security flaws, what is the ratio of safe days to "sorry days" when using Windows? Not a very good track record.

Posted by: AnnArborGuy | September 26, 2009 11:26 PM | Report abuse

I'm a new Macbook user. I am not completely knowledgeable as of yet. When I inquire of others about what I need in terms of security on my computer, I am always told that the only thing I need is to activate my ABP. As a past user of Windows and the many security scans required, I am still not comfortable and fully trusting in the advice I received regarding the Macbook. I also use Firefox browser. Can anyone back up the claims regarding the security of the Macbook?
Thank you...

Posted by: MsDee1 | September 30, 2009 9:31 AM | Report abuse

Using Firefox with the Adblock Plus add-in is also helpful, though I did see a fake virus ad recently due to a FF vulnerability that was discussed in this column.
Keeping the hosts file up to date so as to block bad ad servers is a techie solution that is not a viable option for over 99% of users but thanks for the reminder to the 1%.
Minority software (Macs, FF etc.) is not attacked as often because spamming is a numbers game. However, it is certainly not foolproof -- nothing is.
I use FF Adblock and don't ever click on ads that do make it through this screen.
Is there any low cost, easy to use sandbox software out there? I see this as my solution. I tried Sandboxie a couple of years ago but it really screwed up my system and I had to restore from a backup to get rid of it.
j

Posted by: jean13 | September 30, 2009 1:23 PM | Report abuse


© 2010 The Washington Post Company