(PRAGUE, Czech Republic, March 16) Researchers at ALWIL Software, providers of the avast! antivirus program, have discovered a widespread campaign to infect website advertisements served up on leading online advertising services.
The attack infects advertisements served up by a number of online advertisers, helping place malware on the computers of people visiting leading websites such as Google and Yahoo.
The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which cover more than 50% of online ads. The list of poisoned ad services is extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com. Doubleclick.com, an advertising server affiliated with Google, is ranked fifth in the avast! Virus Lab list of infected servers by rate of infection.
“The poison ad infiltration method is growing in popularity because it does not require users to click on anything,” explains Jiri Sejtko, avast! Senior Virus Analyst. “Users can get infected just by reading their favorite newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser.”
“JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing,” comments Sejtko, “Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware.”
“Consumers shouldn’t immediately accuse their antivirus program of a false positive when a familiar site gets blocked. There can be a real danger,” explains Sejtko. “avast! and Kaspersky Labs, a competing antivirus product, both blocked yieldmanager earlier this year because of these attacks. If these advertising services get too infected, the easiest way to protect our users is to block them completely.”
More information on the technical aspects of ad poisoning can be found here:
Avast (www.avast.com), the global leader in digital security products, protects over 400 million people online. Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, ICSA Labs, West Coast Labs and others. Avast is backed by leading global private equity firms CVC Capital Partners and Summit Partners.
1988-2017 Copyright Avast Software s.r.o.