Scammers pretending to buy ads for Suzuki tricked Gawker’s ad sales team last week into running malware-laced ads that installed spyware and crashed the browsers of some readers before they were caught and pulled.
The network apologized for serving up serving Adobe exploits CVE-2008-2992 and CVE-2009-0927 on its flagship blog by saying simply, “Sorry About That. Our ad sales team fell for a malware scam. Sorry if it crashed your computer.” Silicon Valley Insider has the scoop, including the full email exchange between Gawker ad-sales guy James Del and the scammers.
The ad ran for “less than 5 days last week,” Gawker’s James Del told Threat Level. “This was a very malicious piece of code that seemingly took advantage of unpatched Adobe software, though we don’t have details on how exactly that worked. It was not a ‘trick’ ad, wherein users were prompted to install something … It simply strong armed it’s way through a vulnerability and infected the computer.”
Note that while Gawker still hosts us for the time being, they do not serve any ads to Consumerist readers.
Gawker Scammed By Malware Crew Pretending To Be Suzuki [Silicon Valley Insider]