Traditionally, we thought malware spreading ads were relegated to the sketchy dark corners of the Internet. Lately though, malware spreading ads have increasingly popped up on sites such as eweek.com, bostonherald.com, and foxnews.com. How is this happening?
In this case, it’s not a vulnerability on the sites in question. The attackers have turned their attention to the ad networks themselves. In some cases, attackers are submitting ads to the ad networks and having them served. In some other cases, it seems that the ad networks are suffering from vulnerabilties that are being exploited, allowing the attackers to insert malicous code into otherwise legitmate ads.
The malicious ads are doing a variety of different things to attack the end user. The most recent one makes a popup that looks very much like the real Windows Security Center, detailing that your system is infected with some large number of trojans and viruses. The ad claims that it can ‘fix’ your system by installing a tool. Ads have also been seen that were sending a PDF that contains exploits for the recent Adobe Acrobat vulnerabilties.
The best defenses against these attacks are following the tried and true measures. Make sure your OS, browser, and all software is as up to date as possible. Using anti-virus software, as well as regular anti-malware/spyware scans will also help. Consider using a tool such as Secunia PSI, to help make sure 3rd party aps are up to date. Always use safe browsing sensibility, don’t click on anything suspicious, even if it’s from a website you would normally trust. Remember, there are no safe websites.