The attackers registered the domain name ADShufffle.com, one letter off from ADShuffle.com, which is an online advertising group, to trick the two ad networks into accepting the ads they had infected with malware. If a user visited a website that was displaying the infected ads, a malicious javascript code in the ad started a drive-by download process which installed malware like "HDD Plus" onto the users machine. Simply visiting the page (not clicking on an ad), infected the visitor.
Some big sites infected by the attack were MSN Real Estate, MSNBC.com, and Windows Live Mail.
A spokesman for Google (owners of DoubleClick), said that the ads only ran for a short amount of time, and that DoubleClick's malware filters picked up on the ads as well.
Incidents like this show the danger of browsing through the internet without any protection. Even without directly interacting with elements on a webpage, this event shows how malicious code can run simply by visiting a webpage. This highlights the importance of using script or ad blockers on website, as they can prevent covert attacks like this from installing malware on a computer.
Incidents like this show the danger of browsing through the internet without any protection. Even without directly interacting with elements on a webpage, this event shows how malicious code can run simply by visiting a webpage. This highlights the importance of using script or ad blockers on website, as they can prevent covert attacks like this from installing malware on a computer.
Posts
I think that this current even is particularly alarming due to the companies that were effected by the malware. One of the most important things we have learned this semester is that nobody is safe when it comes to hacking attempts. MSN and Google are two titans of the "online world", and before this semester I would have never guessed either of these two to be victims of a hacker.
ReplyDeleteIt just goes to show that nothing is truly safe on the internet in today's world. As a user, it is imperative that you always are cautious of the links you click on (whether you are browsing or on your e-mail). Google and MSN are lucky that more has not been made of this whole situation. If a person's computer were infected, I'm sure the companies would be liable.
It is interesting that one difference in a letter of a web address can trick two large companies into accepting malicious advertisements. It surprises me that Adshuffle.com has not purchased all of the closely related website addresses. We went over this in class. Google.com, facebook, and many other websites purchase different variations of their web addresses to prevent hackers from making money off of their name.
ReplyDelete@Blake
ReplyDeleteThe links didn't even need to be clicked. It was actually the script that generated the ads which had the malicious code in it. Browser plugins like AdBlock and NoScript are becoming essential tools when browsing the internet, because they disable scripts (or at least ads) from running on pages to begin with, making websites inherently safer in the process