Tuesday, September 29, 2009

Advertising Security

Last weekend, the New York Times website suffered a security breach through advertising. According to an article on the Times website regarding the breach, "an unknown person or group sneaked a rogue advertisement onto the web site's pages." Much like the advertisements RR mentioned in his post on September 20, these ads informed users that their computers were infested with viruses, and that they needed to purchase antivirus software to protect themselves.

According to the Times, ads on any website are generally approved either by the owner of the website itself, or by ad networks, the middlemen of the advertising world. When the Times staff was informed of malicious pop-ups, they immediately stopped displaying ads from these ad networks, but the ad in question had in fact been approved by the Times's own advertising department, having posed as a legitimate ad for Vonage. The ad even "initially appeared as real ads for Vonage" before switching to the malicious ad.

The Times does not believe at this time that the software the ad offered to install was inherently malicious, so much as a kind of snake oil. The Times also received a large number of complaints regarding the ads, implying that a large proportion of the Times's audience was internet savvy enough not to immediately install any antivirus program they were offered.

The cause of this breach is interesting. The group of hackers did not merely pose as a legitimate company, but as Vonage, a well-known company with whom the Times had a long-standing relationship. Because of this relationship, the ad was passed directly by a member of the Times's advertising staff. As a result, the ad stayed up for a few extra hours over the weekend, while the staff at the Times was occupied with the ads approved by ad networks.

The Times did a good job of responding to the breach. They did not go as far as The Register in the UK, which "took down all its ads for several days" following a similar breach. However, the Times did address the complaints of their users quickly, taking down first the ad network ads, and then the directly approved ads. The readership of the Times was informed almost immediately (the story itself was posted on the Monday following the events). The Times article also attempted to explain exactly what the software was likely to do, and what readers could do to remove it. Finally, in the article, The Times stated that it would be enforcing new advertising policies to prevent future occurrences.

Source:
http://www.nytimes.com/2009/09/15/technology/internet/15adco.html

3 comments:

  1. I thought this was an interesting article because it addressed a new type of virus attack that I was not really aware of. The article noted that individuals from Eastern Europe generally create these viruses and then recruit individuals to help spread the virus and fake antivirus software in return for a cut of the money. While I'm not an expert on this sort of thing, it seems rather impressive that the hackers were able to have the website actually approve their ad by disguising it as a "Vonage" ad. Also, it seems to me that many of these malicious computer attacks are started or based in Eastern Europe and I'm curious to know if that is just a coincidence or if those countries do less monitoring of these illegal activities?

  2. It's interesting, because I received this exact kind of attack on my computer, and for the life of me, I could not figure out where it was coming from, but I guess it's not so much a mystery anymore, haha. Fortunately, I was able to get rid of the malware, but it did take a while (my computer is not acting up anymore, and I haven't seen these pop ups anymore). While I did notice that these pop ups weren't normal, I think that they would be rather successful in fooling less internet-savvy users. The malware itself takes the form of what appears to be an anti-virus scanning program called Windows Antivirus Pro, which is modeled after legitimate antivirus scans, so it's no wonder that some people are tricked into downloading the malicious software.

    As DTA said, it is kind of surprising that the hackers were able to get their 'ad' approved by the NY Times, and this goes to show that hackers are becoming more sophisticated in their exploitations. It is becoming especially more important to be able to recognize these threats, know that they exist, and proceed with caution, while continuously updating your security software programs, but not completely relying on them.

  3. I agree. The Times did just about as good of a job at damage control as possible. Their immediate disclosure of the breach was also admirable, since many of the site's users could have been turned off by this type of error. However, I think the Times did a good enough job of explaining how the events occurred for its users to realize that there was basically nothing that could have been done to prevent it. Perhaps now the Times ad approving staff will be more stringent when following up ad requests.
