SANS Warning – Active Banner Ads

Looks like my HOSTS file got a mention yesterday from SANS Internet Storm Center – warning about the evils of Active Banner Ads. Although I would disagree with the following:

The innocent-looking ad contains javascript that re-directs the browser to a compromised bot, which in turn re-directs the browser to the final malware page.  Thus, a website blocking any ads linking to or winfixer won’t help.

Well at some point the malicious site must link back to systemdoctor/winfixer in order to attempt to install their software, and this is where the HOSTS file will block that attempt …

Leave a Reply