Feeds

back to article Malware torrent delivered over Google, Yahoo! ad services

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm. The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's …

COMMENTS

This topic is closed for new posts.
Troll

Of course..

Of course, it could never happen to El Reg, could it?

Oh wait... http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

0
0
Gates Halo

The vulnerabilities are in the browser and operating system

The internet is full of viruses. If the user hasn't updated their software, they're putting themselves at risk whether the malware exists in an ad banner or any other site.

0
0
Alert

Caveat Pasco

And some people wonder why I insist on blocking all ads and most scripts in my browser. Not only are many of them annoying, but you have the possibility of them being carriers for malware.

"Let the browser beware"!

0
0
FAIL

Two cures for the malvertisement blues... and I can see why he wouldn't want his name used.

AdBlock + NoScript = WIN.

Also,

>""With DoubleClick ad management, publishers are in control of what content they are serving and are therefore ultimately responsible for determining what advertising appears on their site,""

Yes, no wonder the facetious git didn't want his name used. Is he seriously claiming that there's an option in the publishers' googleads account settings for "Include malware banners (Yes/No?)" and it's all the publishers' fault for having left it on instead of off? Because he certainly *sounds* like he's saying it's all their fault for having *chosen* to get malicious ads from google's advertising network. No wonder he didn't want to be named, he knows how stupid he must have sounded.

0
0
Gold badge
FAIL

Half the truth anyway.

"He went on to say that DoubleClick does employ a security monitoring system that screens all ads, and in cases where it identifies problem banners, they are pulled immediately."

It's a shame he didn't go on to apologise for this system being a useless sack of shit that's not fit for purpose. An existing Trojan targetting an old vuln and they *still* didn't spot it? You could forgive 'em not picking up the odd zero day, but this?

Doubleclick were always greedy scum peddlars. Being owned by Google doesn't make them any more than Google-branded greedy scum peddlars. They've been blocked on my router for some years now and I've still seen nothing that would make me think about changing this (notwithstanding that the whole "getting off my arse and doing it for no benefit" bit is unlikely to happen in any event).

0
0
Stop

Last night I added these to my firewalls access restrictions list

Got fed up of being redirected to google-analytics (fuck google) every time I clicked on a link. But then added

yieldmanager, doubleclick, tacoda, smartadserver, googlesyndication.

Going to be adding more soon.

0
0

Hmmm

Adblock Plus anyone?

0
0

Further support for ABP and NoScript.

I have to echo the above comments about the goodness of AdBlock Plus and NoScript. I've been running both for a couple of years, and I've yet to experience a "drive-by download" type infection. I wish our IT manager would make that setup mandatory for all web browsing here.

0
0
This topic is closed for new posts.