Yahoo, Fox and Google Inadvertently Spread Malware through Ads

Malicious JavaScript circulating in ad networks that serve over 50 percent of the Web can open the door to malware, without the user even clicking on the ad.

Internet security software and common sense can steer you away from some of the Web’s skeeviest destinations to avoid malware, but when it’s embedded in ads from some of the biggest advertising networks out there, you may be looking at infection at every turn.

According to Avast, a manufacturer of antivirus software, major ad networks affiliated with Yahoo, Fox and Google have been distributing “poisoned ads” containing malicious code. The so-called JS:Prontexi attack uses JavaScript that can open the door to malware attacks and zero-day exploits, all without the user clicking on anything.

Because the infected networks serve more than 50 percent of all online advertising, poisoned ads have appeared on major sites including The New York Times, TechCrunch and Drudge Report.

This isn’t the only outbreak of a computer virus spread through advertising. “The poison ad infiltration method is growing in popularity because it does not require users to click on anything,” said Avast virus analyst Jiri Sejtko, in a statement. “Users can get infected just by reading their favorite newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser.”

Showing 12 comments

  1. Bruce at 2:51pm 31st March 2010 Would Adblock Plus (now available for Chrome as well as Firefox) be enough to stop this code?
  2. Ian Bell at 9:18am 25th March 2010 We had the same problem with AdBrite on Digital Trends last year. I pulled them after a day. Not sure what type of ad network they are, but clearly they cannot be trusted.
  3. Dean Collins at 5:58am 25th March 2010 As a content provider it's even more annoying; e.g. about 4 months ago we found one of the ads being served up by AdBrite had a trojan (that was being flagged by my antivirus so was ok) ... I was getting malware from my own website - http://www.LiveFootballChat.com :(

    We ended up turning AdBrite off and have stuck with just Google ads since then, but if the ad networks can't stop them then how are we as content providers supposed to solve this problem?
  4. neoBigD at 7:21pm 24th March 2010 Another reason to use Firefox and Adblock Plus
  5. MJ at 6:56pm 24th March 2010 Malware? More like cross site scripting!
  6. FreePostia at 5:23pm 24th March 2010 Shocking report.........
  7. mid calf boots at 1:19pm 24th March 2010 It's definitely a pretty big issue as ads are being served to sooooooooooo many people. This needs to be taken seriously and the word needs to get out to people.
  8. Gonzobot at 12:56pm 24th March 2010 What sucks is the fact that there is no provision for ads of this nature to be illegal. Where will the lawsuits land when major networks are compromised with these attacks? The browser manufacturer? The ad provider? The search engine? The user? The actual attackers?

    I personally cannot, and have never been able to, understand how ads aren't considered flat out malware in and of themselves. There are ads nowadays that will simply prevent you from looking at a website unless you are willing to expose yourself to any kind of malicious code - you literally cannot get the content without the security breach. How much longer until we as a species realize that advertising of such nature is WRONG?

    I would liken it to driving down the street, and having a banner ad on a bus stop that requires you to read it, and send a text to the company, before the light will change for you to continue. And lawmakers are siding with the advertising agencies behind it all - follow the money!
  9. badads at 12:47pm 24th March 2010 This is bad, how long before this can be fixed, I wonder. It's almost the perfect exploit, unfortunately.
  10. lourawlson at 12:43pm 24th March 2010 You have to admit there is nothing more annoying than malware!

    Lou
    www.ultimate-privacy.net.tc
  11. James Jamal Jefferson Jr at 12:41pm 24th March 2010 Do it
  12. jonathonhewitt at 10:26am 24th March 2010 That sucks!