The standard computer security advice about “Be careful where you click” might not protect you from the latest online threat: banner ads that hijack your browser and instruct you to download software to clean up a computer infection.
These ads aren’t running solely on spammy sites: they’ve been spotted on some highly reputable pages, including The Economist and baseball fans’ favorite go-to site, MLB.com. They’ve been placed there using the DoubleClick web advertising service, and they’re causing havoc throughout the net.
If you’ve seen any of the ads, you may have experienced something like this: You’re on a legitimate site. Your browser window closes down. A new browser window comes up, redirecting you to an antivirus site, while a dialog box comes up telling you that your computer is infected and that your hard drive is being scanned. The malware tries to download software to your computer and scans your hard drive again. (Here’s a video demonstration of the rogue ads.)
The malware looks like a ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable. Once deployed on a site, the Flash file launches the malicious redirects, which appear to be triggered at preset times or at selected Web domains.
DoubleClick is working to locate and remove the ads that circumvented its security measures and says they’ve recently removed over a hundred rogue ads from their service.
Google is battling both in the U.S. and in Europe to defend its efforts to buy DoubleClick for a reported $3.1 billion.