Hijacked by Banner Ads?

by Venomous Kate

The standard computer security advice about “Be careful where you click” might not protect you from the latest online threat: banner ads that hijack your browser and instruct you to download software to clean up a computer infection.

These ads aren’t running solely on spammy sites: they’ve been spotted on some highly reputable pages, including The Economist and baseball fans’ favorite go-to site, MLB.com. They’ve been placed there using the DoubleClick web advertising service, and they’re causing havoc throughout the net.

If you’ve seen any of the ads, you may have experienced something like this: You’re on a legitimate site. Your browser window closes down. A new browser window comes up, redirecting you to an antivirus site, while a dialog box comes up telling you that your computer is infected and that your hard drive is being scanned. The malware tries to download software to your computer and scans your hard drive again. (Here’s a video demonstration of the rogue ads.)

The malware looks like an ordinary Flash file, but its redirect function is encrypted, so it is not detectable when publishers upload it. Once deployed on a site, the Flash file launches the malicious redirects, which appear to be triggered at preset times or at selected Web domains.

DoubleClick is working to locate and remove the ads that circumvented its security measures and says it has recently removed over a hundred rogue ads from its service.

Google is battling both in the U.S. and in Europe to defend its efforts to buy DoubleClick for a reported $3.1 billion.

10 Responses to “Hijacked by Banner Ads?”

  1. I use AVG Free and it asks me to approve any registry changes, which is how most browser hijacking occurs. I already have DoubleClick and other ad sites on my block list because some of the ads are just plain obnoxious.

  2. Haven’t run across these yet, thank goodness. What I have been running into is LINKWORTH’s site timing out and causing HUGE timeouts and slowness on mine. Wish they’d get it sorted out!

  3. I’ve run across it. Last week while C was in the hospital and I wasn’t able to go to work, some fool downloaded and ran something on one of my lab PCs. I’ve just finished downloading a bunch of security software to my flash drive – I’m ready to go in today and tackle the infestation.

  4. I’m wondering if that’s what took down VH’s computer repeatedly, too, since he visits the MLB site daily.

  5. I’ve always thought DoubleClick was the GD devil. Now I’m sure. I don’t buy for one skinny minute that these are “rogue.” I ALSO thought these damned hijack threats were sooo 1994. I guess not.

    I’ll reserve my comments on Google, but I’m starting to feel that Huge Conglomerate itch.

    Finally – did you see that the author of the video has a product that will help with such hijacking?

    He has “LinkScanner” (I couldn’t leave the link because it was stripped).

  6. I never see DoubleClick ads. I’m not sure if this is something the ISP is blocking or the firewall we have. I’ve always been annoyed that I couldn’t see the ads, because pages look horrible when I see “can’t display site…” everywhere. Now I’m thankful that I don’t see them!

    Thanks for sharing.

  7. I’ve gotten those pop ups at various times for ever and ever. Now suddenly they are new and a problem? (well – I always consider pop ups or pop unders a problem… but I don’t click on them – sheesh)

    Where have these people been? I don’t visit “off the wall sites” or porn sites or anything like that. I use Firefox (although I don’t use the ad blocker – cause I just don’t look at the ads). So when this story started making the rounds, I must admit to complete confusion.

    I suppose someone “important” finally complained and NOW it’s an issue. *sigh*

  8. It’s an issue because most of the time the sites doing such dirty deeds were NOT so high-visibility sites such as MLB. IMHO, MLB SHOULD behave as a reputable site owner and not engage in such underhanded techniques.

    But what do I know?

  9. It wasn’t MLB’s fault. They signed up for DoubleClick ads. DoubleClick tries to ensure the ads are secure. This form of ads managed to get around their security measures.
