Flash-Based Malware Ad Sneaks Onto Legit Websites Via DoubleClick

A new malware ad has managed to sneak its way onto DoubleClick’s DART ad publishing system, which means it’s been showing up on several legitimate websites, including Major League Baseball, The Economist, and Canada.com. It doesn’t require user interaction to be triggered—as soon as it’s loaded into the page, it initiates the redirect, closes your browser window, and starts bullying you to install “anti-virus” software. It will even attempt to download a virus-laden .exe file, naturally.

The redirect isn’t triggered on every visit, so it’s been hard to track, but watch the video for a walkthrough of what exactly happens. The easiest thing to do to get out of the malware loop is force-quit your browser—it’s likely you can even go back to the website you were on and not have to worry about the ad being triggered again. But it’s embarrassing for DoubleClick (and troubling to us) because it shows they don’t have the ability to screen and catch malware that’s hidden inside Flash files. The company has announced that it’s implemented a new security system to catch and disable these ads, but it hasn’t yet confirmed that it can identify similar ads in the future that might use the same technique.

“Hackers Use Banner Ads on Major Sites to Hijack Your PC” [Wired]

RELATED
“Canada.com Infected With Trojan-Installation Browser Hijack” [Sudosu]
“Rogue Anti-Virus Slimeballs Hide Malware in Ads” [Wired]
(Photo: Getty)

Comments

  1. blitzcat says:

    Awesome. Kudos to whoever thought that up.

  2. smitty1123 says:

    Firefox + (AdBlock + *doubleclick*) = ha

  3. Cowboys_fan says:

    I get an infection, then avg or spybot destroys it, the game continues. If people just learned how to handle this crap, it wouldn’t be much of a problem at all. I’ve got 1 virus in maybe 10 years that i had to remove on my own as anti-virus could not deal w/ it. I’m not afraid to open attachments, click links, execute .exe files because if it does mess up, I know how to fix it. Simple really if people would only take an hour on google to learn how.

  4. dwarf74 says:

    Wow. Now I don’t feel so bad for using AdBlock. :)

  5. jeffjohnvol says:

    You know, this very site (consumerist.com) uses doubleclick.net. Put your cursor above the “back” button and you will see it display a hyperlink to ad.doubleclick dot net. I have my hosts file with the doubleclick rerouted to 127.0.0.0 so those jerks don’t track my information. Google “how to use hosts” file to use it, or use firefox with adblock.

  6. jeffjohnvol says:

    when I said “jerks”, I meant doubleclick – not consumerist.com which I think is great.

  7. nickripley says:

    We, the consumers, ought to take a united action against the company that is responsible for this. I do not mean DoubleClick, but rather whatever company is behind the actual ad. Who would do business with a company like that? What company is it? I can’t watch Flash videos at work.

  8. Greasy Thumb Guzik says:

    And of course Google wants to buy this DoubleClick!
    Don’t be evil, my ass!

  9. lalala1949 says:

    adblock plus solves all the annoying flash problems for me. Double bonus is that the websites load faster now that these flash advertisements aren’t coming up

  10. ZekeDMS says:

    And once again, noscript is my friend.

    Every time I see malware/spam ads for anti-spam/anti-virus/anti-spyware, I wonder how effective they are. Are people really dumb enough to buy anti-spyware that was sold to them by spyware?

    …well, probably.

  11. @dwarf74: Did you forget to install the adblock guilt-free version? ;)

  12. szeno says:

    I was redirected to the malware site after visiting http://www.realtytrac.com. I had to close my browser to get out of it. I thought it was RealtyTrac that allowed this to happen, now I know it is DoubleClick.

    Anyway, I only get this on IE, with FireFox, I have AdBlock so there is not a problem.

  13. IphtashuFitz says:

    Flashblock is my favorite Mozilla plugin!

  14. FLConsumer says:

    @nickripley: Nope, we need to take action against DoubleClick. They’re the ones who caused the damage. It’s not Nissan’s fault someone rear-ends me in one of their cars, rather, it’s the driver’s fault for bringing Nissan’s product into my bumper.

  15. carlosdelvaca says:

    Had this come up on Epicurious last week. Glad someone’s getting to the bottom of it.

  16. @nickripley: Unfortunately, the company thought to be behind it is a non-reputable “marketing” firm based in Russia. So, good luck with that. :/

  17. TechnoDestructo says:

    @Greasy Thumb Guzik:

    I’m cautiously optimistic that Google could clean up Doubleclick. OTOH, this isn’t something that Doubleclick was necessarily aware of, and as long as Google ends up serving the same kinds of ads, it won’t matter who owns it.

  18. nickripley says:

    @Chris Walters: DOS attack? Someone get on that.

  19. RAREBREED says:

    ADBLOCK RULES!

  20. darkened says:

    FlashBlock FTW

  21. Mr. Gunn says:

    I think this is a new strategy for badvertisers…there was pump and dump spam showing up in the consumerist feed last week. I guess they handled it, though, because I haven’t seen it again.

  22. Trai_Dep says:

    Wait. So if I’m viewing a Consumerist pict in a story about infected GIF malware, is it safe? Is it SAFE?!

  23. theblackdog says:

    This is why Adblock, Spybot, and Avast! are so great to have.

  24. mac-phisto says:

    this happened to me wednesday when i was visiting espn or something like that. i was actually quite surprised b/c i was using firefox, which is usually immune to crap like this.

  25. Trai_Dep says:

    Buy. A. Mac.

  26. sleze69 says:

    I have no idea what doubleclick is. I think I blocked it about a year ago with Opera. Haven’t seen it since…

  27. Jaysyn was banned for: http://consumerist.com/5032912/the-subprime-meltdown-will-be-nothing-compared-to-the-prime-meltdown#c7042646 says:

    @trai_dep:

    Or just use Linux if you don’t want to pay the “trendy” tax. Or buy a new PC.

    You do realize that a Mac isn’t a magic bullet, right? There are reasons they release security patches for OSX.

  28. AvWuff says:

    This isn’t REALLY scanning anything — it’s just a fake scan that then tries to install software.

  29. workingonyourinvoice says:

    @trai_dep: I thought I was going to be the first…

    @Jaysyn: I’m staying out of this one.

  30. Bladefist says:

    @trai_dep: when mac gets more market share, you’ll have your own problems.

  31. ElizabethD says:

    LOL! I knew before I even clicked on “Comments” that this would quickly become a Mac vs Windoze/PC debate.

  32. sykl0ps says:

    you know… doubleclick has always been known for being a good company…

  33. Bladefist says:

    @ElizabethD: unfortunately you were right. But there is really no debate. Anyone who knows anything about computers, knows a virus on any OS is possible.

  34. drjayphd says:

    @Jaysyn: Yes, but they’re still working on instituting the Double-Secret Extra Smugness Linux Surcharge.

  35. Amelie says:

    @sykl0ps: Doubleclick is a “good” company? You’re really naive. They are the original tracking scumbags. I’ve been blocking them almost ten years now.

    Scriptblock is the best response. The default setting is to NOT allow the video.

  36. Amelie says:

    It’s noscript, and not scriptblock.

    [noscript.net]

  37. Optimus says:

    This is what happens when websites use off-site hosted ads.

    That’s why I block all off-site hosted ads with AdBlock. The only ads I see on most sites (unfortunately due to this personal policy) are Google Ads. Most of hardocp.com’s ads show up so I’m liking them for stepping up and hosting their own ads.

  38. alhypo says:

    Ah, that explains it. This happened to me twice on links from HuffingtonPost.com. Luckily, my virus scanner caught them.

  39. Marko_Vulvic says:

    holy crap this is terrible Im gonna hav-…um no, wait, I have a Mac.

    Problem solved.

  40. Riddar says:

    @Marko_Vulvic: I guess if you believe it strongly enough, it may as well be true…

  41. Trai_Dep says:

    @bladefist: “Anyone who knows anything about computers, knows a virus on any OS is possible.”

    Err, try “on any poorly-written, designed from the ground-up to be insecure OS is possible.”

  42. Electroqueen says:

    @smitty1123:
    Don’t forget the NoScript! Kicks a lot of ads’ butts.

  43. Bobg says:

    This is why I’m definitely buying a computer with Linux the next time. I’ve had it with Microsoft and any other jerk that wants to use my computer for their own monetary gain being a partner on the computer I bought and paid for.

  44. Rusted says:

    Love that Firefox. Flashblock rocks.

  45. mac-phisto says:

    @Bobg: i don’t know if you can actually buy a computer with linux on it, but it’s really easy to install yourself. you can even partition a separate boot sector on your existing windows machine to give you the choice to boot to linux or boot to windows if you want.

    i’m screwing around with ubuntu right now & i love the interface – it’s more intuitive than windows, but it’s definitely not a full replacement for windows. it requires a lot of tweaking, learning & finding programs that do roughly what you’re looking for. i won’t lie to you – you’ll find yourself wondering at times if giving up the windows is worth the sacrifices you’re gonna make.

    the biggest problem is that a lot of open source software is not fully packaged like retail software. take, for example, gnucash. easy to install & easy to use…unless you need the help documentation. that’s a whole separate can of worms (that this user gave up on). or take gdesklets (for desktop widgets)…most of the widgets offered up in the program are outdated/broken, so you have to do the legwork to find working ones on the web.

    on the bright side, virtually every problem you’ll encounter has been encountered before & the fixes are easy to find with simple web searches.

    i would recommend creating a dual-boot environment on your existing pc so that you can experience linux & determine if it’s right for you. if you find that you’re booting into windows less & less often, make the switch permanently.

  46. Trai_Dep says:

    Heh.

    Or, for those people that value their time, simply buy a Mac. Everything works straight out of the box, simply and elegantly.

    I’m confused by the stick-it-to-the-man people eschewing Windows for Linux. You’re BUYING Windows anyway, unless you build your own box from components (thus even further removing it from the realm of being a simple solution for non-hobbyists).

    So, fork over money to buy a box that runs an insecure OS that you’re going to gut, but fund the guys that developed the crappy OS that made you want to switch in the first place? That’s teaching them a lesson!

  47. mac-phisto says:

    @trai_dep: well, actually, all my pc equipment is scavenged. the computer i’m on now cost me $0 (recovered office equipment). the last one i scavenged cost me $50 ($20 new 200gig hd; $30 oem win xp copy). show me a mac i can pick up in that price range & i’m game.

    i’d gladly purchase your mac for $50. =)

  48. korith says:

    @smitty1123:

    This is exactly what I have done, Firefox and adblock combination is just awesome. Anytime I visit a site I haven’t visited before, I’ll quickly look it over, and see if there are any ads. A few clicks of the mouse and I’ve blocked the ad server. The trick is to not just block that ad, but the server the ads are coming from.

  49. Buran says:

    @nickripley: Russia is not a country without laws.

  50. Buran says:

    @FLConsumer: Tell that to the people who sued Ford and Firestone after they ignored the specs for the tires.

  51. Buran says:

    @bladefist: Oh really? Ever consider the fact that the first person who writes a “real” mac virus would gain tons of notoriety among the hacker world? Still hasn’t happened.

    I really can’t stand jerks who automatically assume that all mac users are smug assholes. Pot, meet kettle.

  52. Bladefist says:

    @Buran: lol, I call it how I see it. And as an experienced computer developer, probably like a lot of people here, I know I’m right. Any OS can get a virus. If you are saying that no one can write a program that will email itself to your friends, and then erase your HDD, then Macs are amazing for security, terrible for developing applications for emailing friends. lol

  53. Bladefist says:

    @trai_dep: Wow, send your ideas to MS. They have always built top-down.