(PRAGUE, Czech Republic, March 16) Researchers at ALWIL Software, providers of the avast! antivirus program, have discovered a widespread campaign to infect website advertisements served up on leading online advertising services.
The attack infects advertisements served up by a number of online advertisers, helping place malware on the computers of people visiting leading websites such as Google and Yahoo.
The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which cover more than 50% of online ads. The list of poisoned ad services is extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com. Doubleclick.com, an advertising server affiliated with Google, is ranked fifth in the avast! Virus Lab list of infected servers by rate of infection.
“The poison ad infiltration method is growing in popularity because it does not require users to click on anything,” explains Jiri Sejtko, avast! Senior Virus Analyst. “Users can get infected just by reading their favorite newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser.”
“JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing,” comments Sejtko, “Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware.”
“Consumers shouldn’t immediately accuse their antivirus program of a false positive when a familiar site gets blocked. There can be a real danger,” explains Sejtko. “avast! and Kaspersky Labs, a competing antivirus product, both blocked yieldmanager earlier this year because of these attacks. If these advertising services get too infected, the easiest way to protect our users is to block them completely.”
More information on the technical aspects of ad poisoning can be found here: