Sign in with
Sign up | Sign in

Malware-Infested Ads Found on Major Websites

By - Source: Tom's Guide US | B 12 comments
Tags :

Credit: Lightspring/ShutterstockCredit: Lightspring/Shutterstock

Break out your ad blocker or your NoScript: Malicious advertisements have been discovered infecting the Web browsers of people who visited certain major websites between Aug. 19 and Aug. 22. Users did not have to click on the ads to be infected.

The "malvertising" was found on Java.com, DeviantArt, TMZ, Photobucket, IBTimes, eBay.ie, Kapaza.be and TVgids.nl, and eventually detected by Dutch Internet-security company Fox-IT. The websites themselves were not hacked; rather, the malicious ads had been spread through the online advertising network AppNexus. (AppNexus quickly removed the ads, which had abused an automated-bidding placement process.)

MORE: 10 Best Ad Blockers and Privacy Extensions

When victims visited websites containing these malicious ads, hidden links triggered a drive-by download. The victims' browsers were redirected to a malicious Web page hosting the Angler browser exploit kit, a software bundle containing exploits for several known flaws in browser plugins, such as Flash Player, Java and Microsoft Silverlight.

Like most exploit kits, Angler tries several different attacks until it finds one that gets through a browser's defenses. It then uses that hole to inject and launch malware — in this case, the Rerdom backdoor Trojan, which establishes a foothold for possibly more malware to be installed. Think of Angler as a hypodermic needle, and Rerdom as the stuff being injected into victims' computers.

Malvertising has been a problem for many years; even the New York Times website was hit in 2009. Unfortunately, the online-advertising industry has created many layers of buyers, referrers, bidders and networks, most of which use computerized processes to rapidly maximize effectiveness and revenue.

Website operators often have no direct relationship with, or control over, the ads that appear on their sites. The highly decentralized nature of the ad-placement process creates opportunities for malicious actors to inject themselves into the process.

What can you do to protect yourself from malicious ads? First, run a good antivirus program, which will detect browser exploit kits hidden in Web pages. We've reviewed our top antivirus picks on Tom's Guide.

Next, you could try to use an ad blocker in your browser. You can also enable click-to-play, a setting in modern browsers that bars each multimedia file, such as an ad that plays music or movies, from running unless you give it express permission.

However, both solutions may be incomplete. Some ad blockers "whitelist" certain ad networks so their ads display, and click-to-play settings won't affect simpler ads.

It might be best to install a plugin, such as NoScript for Mozilla Firefox or Script Blocker for Google Chrome, that blocks all executable browser content. Users will generally be able to temporarily or permanently allow content from certain sites, while continuing to block others — such as that from ad networks.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the Off-Topic / General Discussion forum about this subject

Example: Notebook, Android, SSD hard drive

  • 4 Hide
    Andy Chow , August 28, 2014 4:07 PM
    I have my ad blcker on right now. Only blocking 25 ads. On this site. Oups, scrolled down to the next article, now it's 39.
  • 3 Hide
    nukemaster , August 28, 2014 4:31 PM
    Quote:
    I have my ad blcker on right now. Only blocking 25 ads. On this site. Oups, scrolled down to the next article, now it's 39.

    Ad's do still pay the bills for all these websites.
  • 7 Hide
    tom10167 , August 28, 2014 6:32 PM
    Pretty noble of Tom's to recommend AdBlock when their own site is ad-funded.
  • Add your comment Display all 12 comments.
  • 1 Hide
    razor512 , August 28, 2014 9:18 PM
    Quote:
    Quote:
    I have my ad blcker on right now. Only blocking 25 ads. On this site. Oups, scrolled down to the next article, now it's 39.

    Ad's do still pay the bills for all these websites.



    while ads do pay the bills, I feel that websites that care enough to vet the ads before displaying them should be rewarded with ad views, for the sites and services which rely on automated ad placement, they deserve to have their ads blocked.

    If they do not care enough to inspect the ads beforehand, then they we should not care enough to unblock their ads.
  • 5 Hide
    razor512 , August 28, 2014 9:24 PM
    If advertisers do not care enough to properly inspect the ads before publishing them, then users should not care enough to unblock their ads.

    While most people are perfectly fine with ads as we understand that they fund the sites we like, the well for ads have been poisoned. Pretty much 99.999% of all ads, advertise the same crap that gets blocked by the spam filter in email. I do not mind non obnoxious ads, but some sites will run ads which have auto playing video or audio. What many sites do not understand is that they can no longer just give an advertiser full control over a section of their site. if the website owner does not care enough to vet each ad, then the users should not care enough to view the ads.

    Website owners need to start meeting the users half way and earn their trust, show the users that you know that is being hosted and are not just giving someone free reign over part of your website.
  • 0 Hide
    Andy Chow , August 28, 2014 11:35 PM
    There's a limit at which ads become excessive. If a part was reviewed here, and advertised at a good price for new eeg or amazom (need to bypass filters), well sure I would click it. And buy that part. That's why I'm here. To see if there is anything worth buying.

    I never used to have AdBlck on, until they started putting ads in every benchmark result graph, and I wasn't able to see if higher was better etc. It's actively preventing me from getting information.

    The problem is, it's all or nothing. Either I see all the ads, or none. But that's not my problem, now is it?
  • 2 Hide
    Vorador2 , August 29, 2014 12:31 AM
    Sometimes i feel bad about using adblocker on pages i visit daily, and whitelist them.

    Until the ads start playing music. Or videos, or pop ups. Then i turn it back on.

    Stop using the high paying annoying ads, and i will stop using adblocker.
  • 0 Hide
    damianrobertjones , August 29, 2014 4:20 AM
    Or, as not everyone wants Chrome etc, add a list to your hosts file that protects your entire PC.
  • 0 Hide
    RCguitarist , August 29, 2014 8:36 AM
    Adblock plus works great for me. And if you listen to pandora, ad block plus actually removes all commercials from playing, it's great. I do however leave my favorite websites such as toms, rock paper shotgun, etc on the whitelist to support them.
  • 0 Hide
    Adrienne Boswell , August 29, 2014 9:48 AM
    Recommendation: Use a hosts file. If your hosts file has an entry for badadnetwork.example.com as 127.0.0.1, your browser will just go to that IP address. No need for ad blockers or extensions. I still use Noscript to keep safe from malicious JavaScript, and I have Flash and the like only on demand. I haven't had a virus in over 10 years.
  • 0 Hide
    husker , August 31, 2014 10:06 PM
    Quote:
    If advertisers do not care enough to properly inspect the ads before publishing them, then users should not care enough to unblock their ads.


    The article clearly states:
    "Website operators often have no direct relationship with, or control over, the ads that appear on their sites. The highly decentralized nature of the ad-placement process creates opportunities for malicious actors to inject themselves into the process."

  • 0 Hide
    f-14 , August 31, 2014 11:35 PM
    i don't pay internet access for high speed to watch ad commercials or ad billboards. this is one of the main causes bogging down the internet. movie streaming and bit torrent are a drop in the bucket compared to ad spam ware. every one should punish advertisers with the removal of java and flash.

    screw them, and their internet bog machines too!
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS