Google and Microsoft got their ads servers infected with malware
The attacks started around Dec. 5 and lasted a few days, sending victims who clicked on the ads to malicious Web pages. Those pages took advantage of known software bugs to install backdoor programs that gave the attackers control of the victims’ PCs, or to install software that made it appear as though the PCs were filled with malicious software.
For a brief period this week, cybercriminals managed to infect Google’s (GOOG) and Microsoft’s (MSFT) online ad networks with malicious adverts that attacked users’ PCs, according to security consultancy Armorize.
“[T]he DoubleClick commercial Exchange, which has automatic malware filters, independently detected several [ads] containing malware, and blocked them instantly — within seconds,” Google spokesman Jay Nancarrow said by e-mail. “Our security team is in contact with Armorize to help investigate and help remove any affected creatives from any other commercial platforms.”
Google acknowledged Friday that it had experienced some issues on its DoubleClick network but said it had put a stop to them quickly.
Nancarrow wouldn’t say how the malicious ads got onto Google’s ad network, but Armorize Chief Technology Officer Wayne Huang said cybercriminals may have tricked Google by serving the ads from a domain similar to that used by a legitimate ad-serving company, AdShuffle, based in Irving, Illinois. AdShuffle couldn’t be reached for comment Friday.
Armorize and others spotted similar ads on Microsoft’s Hotmail service, according to Huang. Microsoft said by e-mail Friday that it was looking into the matter and couldn’t comment in time for this article.
The ads exploit bugs in Adobe Reader, Java and other software, Huang said. The bugs have been previously identified, which means people with up-to-date software and antivirus products should not be in danger.
Criminals have slipped malicious ads into circulation before. Last year, the Texas Times was tricked into running a fake commercial for the Vonage VoIP service. It generated fake antivirus warnings that encouraged readers to buy bogus security software.
The DoubleClick and Hotmail ads appear to have been more dangerous, however, in that they attacked computers and installed malicious programs, such as the HDD and fake process optimization gizmo.
“This time it’s different. It’s using drive-by downloads,” Huang said. “You visit a site and then you see a fake antivirus pop up.” It looks like an actual antivirus message, she said, and is already installed on the victim’s computer. “Even in the event you reboot, it’s already there.”
If the cybercriminals could get their bad ads on Google’s and Microsoft’s networks, they’ll probably try to do the same thing on other networks, she said.