The New York Times reported today that over the weekend an unknown group of people placed a rogue advertisement onto the Web site’s homepage. The malicious ad took over the browsers of many people who visited the site. In a common scheme used by hackers, the users were "invited" to download a program to scan their computer for a virus. The problem was, that the downloadable program was in fact a malicious code that enabled the unknown group to gather information about the user.
This scam highlights how computer criminals are able to make a quick dollar on unsuspecting users. In the article, Mr. Joel Stewart, a director of malware research at SecureWorks, stated that “[t]he development of multimedia ads, mini-applications and social networking tools is far outpacing the speed of the thinking process about the security that goes into those applications[.]” To compound the problem, Web site developers usually do not directly sell their advertising space on sites they develop. The article states that many online ads are sold and distributed through middlemen known as ad networks. As a result, ads can appear on a site that its operators have not directly approved, and they may be pulled into its pages from computer servers that it does not control.
According to security experts, groups that are often based in Russia and Ukraine create the fake antivirus software and then recruit people to help distribute it by giving them a cut of any money made by selling the software. These so-called affiliates can mimic the advertisements of legitimate companies, learn their techniques for submitting ads to networks and sites, meddle with ad servers and then go so far as to provide customer support for people who install the software, keeping the scam running as long as possible. Thus, companies, both advertisers and buyers, must do a better job to vet Web site operators to ensure that proper security and quality controls are in place, so that there are no negative effects that emerge (especially if a business’s lifeline is e-commerce).
To read the full article, please click here: Times Web Ads Show Security Breach