Feeds

back to article Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users

A Yahoo-owned advertising network became the unwitting ally of cyber crooks after it spewed millions of Trojan-laced banner ads on MySpace, PhotoBucket and other websites. The banner ads, which were brokered by Right Media, were served an estimated 12 million times over a three-week period starting in early August, according to …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Gee, what to do?

Perhaps... require traceable contact information for the people buying ad space? Somehow banks, car dealerships, etc, usually manage to ensure that people using their services are who they say they are. Somehow, though, pay-per-click ad distributors seem to have missed that class on the way to their MBAs.

Or, of course, they know damned well what they're doing, and prefer to siphon off the revenue they get from criminals while waving their hands in the air and professing impotence.

I ran into the same thing a few years ago when I investigated the people behind the ads served on browser-hijack pages which were forced on users who got the CoolWebSearch trojan, a piece of malware so ... well, mal, that even completely patched systems were no match for it. The malware hijacked the victims' browsers and pointed them to various "search" pages, which were jammed with banner and context ads served by several major PPC players.

I traced down the IPs, put together detailed trails that led to the PPC companies and the trojan writers' ISPs, and got the runaround from everyone. The PPC companies said that they honestly didn't give a damn, and the ISPs said they had to get a certain number of complaints, and they hadn't quite got enough yet...

I shopped the story around to a few tech rags, but while the guys who read it thought it was pretty damning, none of their editors would run it - it basically ran a direct trail showing how Yahoo, Overture, and major ISPs were helping malware authors launder PPC money. Why bite the hand that feeds you?

So. Yeah. Of *course* Yahoo feeds trojan-laced ads to MySpace and PhotoBucket. They've got practice in the field.

0
0

The answer is Firefox

Use Firefox and you don't have to worry.

0
0
Anonymous Coward

MySpace and PhotoBucket...

Why?

0
0
Silver badge

"The answer is Firefox"....

and Flashblock/Adblock

essential browsing plugins David :)

0
0
Anonymous Coward

@Gee, what to do?

The fact that ISP's don't give a toss for abuse is well known and documented elsewhere in this organ.

If you have such damning and concrete evidence have you considered 'publishing' it (anon, if you want) perhaps even on the very miscreants sites?.

It's trivially easy to anonymise your IP/email address and once the story is picked up and run with by others...

0
0

Stay Patched...

So, these people were hit by malware because they didn't apply a patch that came out in February?

I would be tempted to say that it's their own fault then. It's really not that hard to stay patched...

0
0

@David

(I'm a Firefox user so don't take this the wrong way)

"Use Firefox and you don't have to worry" - There are holes and security risks in Firefox as well. Perhaps a more factual statement would have been:

"Use Firefox and you don't have to worry about IE exploits (unless you're running IE Tab)"

;¬D

0
0
Anonymous Coward

Finjan.com and WSJ alerted on this few months ago

Few months ago Finjan.com issued a report on malicious Ads.:

http://www.finjan.com/Pressrelease.aspx?id=1383&PressLan=1230&lan=3

The WSJ also covered the story at:

http://online.wsj.com/public/article/SB118480608500871051-WwvY6WDU_pi_D9m1KrYuwQQX1Y0_20070817.html?mod=tff_main_tff_top

0
0

to the evangelical Firefox users...

Quite old but this sums it up...

http://xkcd.com/198/

0
0

Microsoft patches not applied

I've got two (out of four) machines at home that are knackered if I enabled the Windows Automatic Updates service - a known issue apparantly. One, a desktop, the processor hits 100%, on the svchost.exe process that is running the service, and stays there. The other, a laptop, freezes completely. So off I pop to the Windows Update website to download the updates manually and it complains that the service is disabled! Argh!

I have a daughter who spends her life on Bebo, MySpace and MSN and my ZoneAlarm Security Suite has found that virus numerous times now.

0
0

Maybe this is what's patched

... frankly, I don't give a damn as I use Opera for browsing, Firefox for web development (web developer toolbar, html validator and so on) and Internet Explorer only on my localhost for testing which bits of the DOM don't work... but, if I read this correctly, this is (yet another) iFrame exploit.

Surely all IE7 users have to do is check "Disable" under the "launching programs and files in an IFRAME" setting? Maybe adding that option _was_ the patch (or more likely just setting it to Disabled by default).

Thought for the day, software is no substitute for knowing what the fk you are doing - don't rely so heavily on your AV/Firewall that you switch off your brain.

0
0

Dizzy from the Spin

Van Gogh was a "high risk creative".

These ads are "malware".

0
0

Re: The answer is Firefox

Wrong. AN answer is Firefox. Another (better) answer is Opera.

THE answer is... anything but Internet Exploiter.

-A.

0
0

Re: The answer is Firefox

What the... ?!

Thank you Andy, for a reasonable evaluation of the situation.

Thank you David, for your cheerful spoutings. Perchance someday when daily we walk hand-in-hand with senility we might, to some small extent, attain your level of bliss, where life is beautiful all the time and I'll be happy to see those nice young men in their clean white coats...

0
0

Re: The answer is Firefox

Although I like FireFox, the answer is not having all that bloody useless Flash everywhere. I notice on my FreeBSD system running Linux Flash/Shockwave that the current version of Flash complains it can't do an autoinstall of somekind.

Bloody well right it can't!!!

If I choose to run a Flash, fine. Else don't put it everywhere.

0
0
This topic is closed for new posts.