Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Online advertisingtest Security Risk Identified

Avast Software : 17 March, 2010  (Technical Article)
Website advertisement infections have been discovered which put users at risk when using large commercial advertising providers
Researchers at ALWIL Software, providers of the avast! antivirus program, have discovered a widespread campaign to infect website advertisements served up on leading online advertising services.

The attack infects advertisements served up by a number of online advertisers, helping place malware on the computers of people visiting leading websites such as Google and Yahoo.

The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which cover more than 50% of online ads. The list of poisoned ad services is extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com. Doubleclick.com, an advertising server affiliated with Google, is ranked fifth in the avast! Virus Lab list of infected servers by rate of infection.

"The poison ad infiltration method is growing in popularity because it does not require users to click on anything," explains Jiri Sejtko, avast! Senior Virus Analyst. "Users can get infected just by reading their favourite newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser."

Avast! Virus Labs have named this attack vector JS:Prontexi. It is a JavaScript code which acts as a channel for malware attacks on vulnerable software such as Adobe and a range of zero-day exploits.

"JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing," comments Sejtko, "Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware."

"Consumers shouldn't immediately accuse their antivirus program of a false positive when a familiar site gets blocked. There can be a real danger," explains Sejtko. "avast! and Kaspersky Labs, a competing antivirus product, both blocked yieldmanager earlier this year because of these attacks. If these advertising services get too infected, the easiest way to protect our users is to block them completely."

Since the surge of JS:Prontexi in February, avast! has updated its virus databases to fully protect against this attack vector. avast! sensors in individual computers detect the malicious JavaScript and block it, preventing users from receiving the infection. Much of the data gathered on the spread and prevalence of this poisoned ad phenomenon has been collected by users participating in the "avast! Community IQ", the firm's own "cloud" of 100 million endpoints that report on web dangers, helping the avast! experts build better protection schemes.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo