SANS Warning – Active Banner Ads

Looks like my HOSTS file got a mention yesterday from SANS Internet Storm Center – warning about the evils of Active Banner Ads. Although I would disagree with the following:


The innocent-looking ad contains javascript that re-directs the browser to a compromised bot, which in turn re-directs the browser to the final malware page.  Thus, a website blocking any ads linking to systemdoctor.com or winfixer won’t help.


Well at some point the malicious site must link back to systemdoctor/winfixer in order to attempt to install their software, and this is where the HOSTS file will block that attempt …



Leave a Reply

*