A new malware ad has managed to sneak its way onto Doubleclick’s DART ad publishing system, which means it’s been showing up on several legitimate websites, including Major League Baseball, The Economist, and Canada.com. It doesn’t require user interaction to be triggered—as soon as it’s loaded into the page, it initiates the redirect, closes your browser window, and starts bullying you to install “anti-virus” software. It will even attempt to download a virus-laden .exe file, naturally.
The redirect isn’t triggered on every visit, so it’s been hard to track, but watch the video for a walkthrough of what exactly happens. The easiest thing to do to get out of the malware loop is force-quit your browser—it’s likely you can even go back to the website you were on and not have to worry about the ad being triggered again. But it’s embarrassing for DoubleClick (and troubling to us) because it shows they don’t have the ability to screen and catch malware that’s hidden inside Flash files. The company has announced that it’s implemented a new security system to catch and disable these ads, but it hasn’t yet confirmed that it can identify similar ads in the future that might use the same technique.
“Hackers Use Banner Ads on Major Sites to Hijack Your PC” [Wired]
RELATED
“Canada.com Infected With Trojan-Installation Browser Hijack” [Sudosu]
“Rogue Anti-Virus Slimeballs Hide Malware in Ads” [Wired]
(Photo: Getty)
More From Consumerist
-
More Online Ads Should Require Users To Confirm They Meant To Click
-
Scratch & Sniff Internet Ad Technology Has A Long Way To Go
-
Twitter Says It's Going To Start Aiming Ads At Users Based On Content Of Tweets
-
Be Careful What You Tweet About Because It Will Now Determine The Ads You See
-
Brits Ban Dior Ad Because No Amount Of Mascara Will Turn You Into Natalie Portman
Awesome. Kudos to whoever thought that up.
Firefox + (AdBlock + *doubleclick*) = ha
I get an infection, then avg or spybot destroys it, the game continues. If people just learned how to handle this crap, it wouldn’t be much of a problem at all. I’ve got 1 virus in maybe 10 years that i had to remove on my own as anti-virus could not deal w/ it. I’m not afraid to open attachments, click links, execute .exe files because if it does mess up, I know how to fix it. Simple really if people would only take an hour on google to learn how.
Wow. Now I don’t feel so bad for using AdBlock.
You know, this very site (consumerist.com) uses doubleclick.net. Put your cursor above the “back” button and you will see it display a hyperlink to ad.doubleclick dot net. I have my hosts file with the doubleclick rerouted to 127.0.0.0 so those jerks don’t track my information. Google “how to use hosts” file to use it, or use firefox with adblock.
when I said “jerks”, I meant doubleclick – not consumerist.com which I think is great.
We, the consumers, ought to take a united action against the company that is responsible for this. I do not mean DoubleClick, but rather whatever company is behind the actual ad. Who would do business with a company like that? What company is it? I can’t watch Flash videos at work.
And of course Google wants to buy this DoubleClick!
Don’t be evil, my ass!
adblock plus solves all the annoying flash problems for me. Double bonus is that the the websites load faster now that these flash advertisements aren’t coming up
And once again, noscript is my friend.
Every time I see malware/spam ads for anti-spam/anti-virus/anti-spyware, I wonder how effective they are. Are people really dumb enough to buy anti-spyware that was sold to them by spyware?
…well, probably.
@dwarf74: Did you forget to install the adblock guilt-free version?
I was redirected to the malware site after visiting http://www.realtytrac.com. I had to close my browser to get out of it. I thought it is RealtyTrac that allow this to happen, now I know it is DoubleClick.
Anyway, I only get this on IE, with FireFox, I have AdLock so there is not a problem.
Flashblock is my favorite Mozilla plugin!
@nickripley: Nope, we need to take action against DoubleClick. They’re the ones who caused the damage. It’s not Nissan’s fault someone rear-ends me in one of their cars, rather, it’s the driver’s fault for bringing Nissan’s product into my bumper.
Had this come up on Epicurious last week. Glad someone’s getting to the bottom of it.
@nickripley: Unfortunately, the company thought to be behind it is a non-reputable “marketing” firm based in Russia. So, good luck with that. :/
@Greasy Thumb Guzik:
I’m cautiously optimistic that Google could clean up Doubleclick. OTOH, this isn’t something that Doubleclick was necessarily aware of, and as long as Google ends up serving the same kinds of ads, it won’t matter who owns it.
@Chris Walters: DOS attack? Someone get on that.
ADBLOCK RULES!
FlashBlock FTW
I think this is a new strategy for badvertisers…there was pump and dump spam showing up in the consumerist feed last week. I guess they handled it, though, because I haven’t seen it again.
Wait. So if I’m viewing a Consumerist pict in a story about infected GIF malware, is it safe? Is it SAFE?!
This is why Adblock, Spybot, and Avast! are so great to have.
this happened to me wednesday when i was visiting espn or something like that. i was actually quite surprised b/c i was using firefox, which is usually immune to crap like this.
Buy. A. Mac.
I have no idea what doubleclick is. I think I blocked it about a year ago with Opera. Haven’t seen it since…
@trai_dep:
Or just use Linux if you don’t want to pay the “trendy” tax. Or a buy new PC.
You do realize that a Mac isn’t a magic bullet, right? There are reasons they release security patches for OSX.
This isn’t REALLY scanning anything — it’s just a fake scan that then tries to install software.
@trai_dep: I thought I was going to be the first…
@Jaysyn: I’m staying out of this one.
@trai_dep: when mac gets more market share, you’ll have your own problems.
LOL! I knew before I even clicked on “Comments” that this would quickly become a Mac vs Windoze/PC debate.
you know… doubleclick has always been know for being a good company…
@ElizabethD: unfortunately you were right. But there is really no debate. Anyone who knows anything about computers, knows a virus on any OS is possible.
@Jaysyn: Yes, but they’re still working on instituting the Double-Secret Extra Smugness Linux Surcharge.
@sykl0ps: Doubleclick is a “good” company? You’re really naive. They are the original tracking scumbags. I’ve been blocking them almost ten years now.
Scriptblock is the best response. The default setting is to NOT allow the video.
It’s noscript, and not scriptblock.
[noscript.net]
This is what happens when websites use off-site hosted ads.
That’s why I block all off-site hosted ads with AdBlock. The only ads I see on most sites (unfortunately due to this personal policy) are Google Ads. Most of hardocp.com’s ads show up so I’m liking them for stepping up and hosting their own ads.
Ah, that explains it. This happened to me twice on links from HuffingtonPost.com. Luckily, my virus scanner caught them.
holy crap this is terrible Im gonna hav-…um no, wait, I have a Mac.
Problem solved.
@Marko_Vulvic: I guess if you believe it strongly enough, it may as well be true…
@bladefist: “Anyone who knows anything about computers, knows a virus on any OS is possible.”
Err, try “on any poorly-written, designed from the ground-up to be insecure OS is possible.”
@smitty1123:
Don’t forget the NoScript! Kicks a lot of ads’ butts.
This is why I’m definitely buying a computer with Linux the next time. I’ve had it with Microsoft and any other jerk that wants to use my computer for their own monetary gain being a partner on the computer I bought and paid for.
Love that Firefox. Flashblock rocks.
@Bobg: i don’t know if you can actually buy a computer with linux on it, but it’s really easy to install yourself. you can even partition a separate boot sector on your existing windows machine to give you the choice to boot to linux or boot to windows if you want.
i’m screwing around with ubuntu right now & i love the interface – it’s more intuitive than windows, but it’s definitely not a full replacement for windows. it requires a lot of tweaking, learning & finding programs that do roughly what you’re looking for. i won’t lie to you – you’ll find yourself wondering at times if giving up the windows is worth the sacrifices you’re gonna make.
the biggest problem is that a lot of open source software is not fully packaged like retail software. take, for example, gnucash. easy to install & easy to use…unless you need the help documentation. that’s a whole separate can of worms (that this user gave up on). or take gdesklets (for desktop widgets)…most of the widgets offered up in the program are outdated/broken, so you have to do the legwork to find working ones on the web.
on the bright side, virtually every problem you’ll encounter has been encountered before & the fixes are easy to find with simple web searches.
i would recommend creating a dual-boot environment on your existing pc so that you can experience linux & determine if it’s right for you. if you find that you’re booting into windows less & less often, make the switch permanently.
Heh.
Or, for those people that value their time, simply buy a Mac. Everything works straight out of the box, simply and elegantly.
I’m confused by the stick-it-to-the-man people eschewing Windows for Linux. You’re BUYING Windows anyway, unless you build your own box from components (thus even further removing it from the realm of being a simple solution for non-hobbyists).
So, fork over money to buy a box that runs an insecure OS that you’re going to gut, but fund the guys that developed the crappy OS that made you want to switch in the first place? That’s teaching them a lesson!
@trai_dep: well, actually, all my pc equipment is scavenged. the computer i’m on now cost me $0 (recovered office equipment). the last one i scavenged cost me $50 ($20 new 200gig hd; $30 oem win xp copy). show me a mac i can pick up in that price range & i’m game.
i’d gladly purchase your mac for $50. =)
@smitty1123:
This is exactly what I have done, Firefox and adblock combination is just awesome. Anytime I visit a site I haven’t visited before, I’ll quickly look it over, and see if there are any ads. A few clicks of the mouse and I’ve blocked the ad server. The trick is to not just block that ad, but the server the ads are coming from.
@nickripley: Russia is not a country without laws.
@FLConsumer: Tell that to the people who sued Ford and Firestone after they ignored the specs for the tires.