Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.
Malware has previously been found in ads running on normally trustworthy sites like The New York Times, the Drudge Report.com, TechCrunch and WhitePages.com. The practice has been dubbed “malvertising.”
Researchers at Avast say some large ad delivery systems, including Yahoo’s Yield Manager and Fox Audience Network’s Fimserve.com (together they cover more than 50 percent of online ads) and, to a much smaller degree, Google’s DoubleClick, are delivering much of the malvertising. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.
“It’s not just the small players but the ad servers connected with Google and Yahoo have been infected and served up bad ads,” said Lyle Frink, public relations manager for Avast.
The most compromised ad delivery systems were Yield Manager and Fimserve, but a number of smaller ad systems, including Myspace, were also found to be delivering malware on a lesser scale, Avast Virus Labs said.
In these cases, JavaScript code that Avast dubbed “JS:Prontexi” was found in ads delivered from those networks. Avast researcher Jiri Sejtko said this is a Trojan in script form that targets the Windows operating system.
It tries to find vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime, and Flash, and launches fake antivirus warnings when it does find them, Sejtko said. “The Google portion of JS:Prontexi is quite small and has gotten visibly even smaller as Google has taken steps to improve the situation,” Sejtko said. “That is not the case with Yahoo and Fox.”
Users don’t need to click on anything to get infected; a computer becomes infected immediately after the ad is loaded by the browser, Avast said.
Since the malware started spreading in late December, Avast has registered more than 2.6 million instances of it on customers’ computers.
This same post is available on my local blog at http://www.networkingdelaware.com/blogpage.html