Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Malicious banner adverts .. they haven’t gone away

December 18th 2007 in Uncategorized

Good morning everybody.

Things have been quiet on this blog with regards to malicious Flash advertisements, but that doesn’t mean that nothing has been happening – on the contrary – there has been a lot going on behind the scenes.

Good news is that the malicious SWF implicated in the soccernet outbreak (content owned by adtech.de and distributed by Akamai in the soccernet incident) is no longer being distributed, although it is still accessible via direct URL – I class that as kind of a half win – I’d much prefer the SWF to be moved completely out of public view.

It is interesting to contrast the steps that Akamai and adtech.de have taken by simply stopping distribution with the steps that Sensis took when they were hit – not only did they immediately stop distribution of the advertisement, they also made sure it could no longer be accessed online.

Now, to keep things interesting, Mike Burgess (another MVP) has been focusing on a USA-based network that is hosting actual malicious files and trying to get the network to stop distributing WinFixer-type applications.

Mike Burgess has comprehensive information about the malware being hosted by LimeLight, and his efforts to get the company to take down the content, to no avail:

Limelight Networks serving up Malware (December 5)

LimeLight Networks and connecting the dots (December 7)

More malware found at Limelight Networks (December 16)

Limelight distributes hundreds of Rogue Antispyware products (December 17)

So, for the time being, our focus should be campaigning to get LimeLight to stop distributing malware.  Of course, I continue to be on the lookout for malicious advertisements as well.

Mike’s comment that LimeLight’s “partners” may not appreciate being associated with malware, and that they should perhaps be made aware of Mike’s discoveries, is a very interesting one.  All’s fair in love and fighting malware.

Mike’s blog is well worth subscribing to. He’s as passionate about stopping the distribution of malware online as I am, and he has a lot of information about things such as fake video codecs and what not.


2 comments to...
“Malicious banner adverts .. they haven’t gone away”


There’s only one way you’re going to get malfeasors to stop distributing malware: slap them with a lawsuit (or, better yet, slap the cuffs on ’em).

Mike Nolet

I’m really not sure what pointing fingers at CDNs such as LimeLight accomplishes. A CDN is a dumb service that provides companies with a global footprint for delivering static content — decreasing latency & increasing bandwidth.

Every ad-partner delivers static content (JPGs, SWFs, etc.) via a CDN. The CDN isn’t the distributor, it’s just a dumb middle layer between consumer and a static file. It isn’t, nor should it be the CDN’s job to control content that gets delivered via its network. They don’t actively _push_ content out to consumers, consumers pull the content when somebody else is linking to the malicious SWF files — they’re the guy you want to point fingers at and stop. You cut out LimeLight, the files will be hosted elsewhere within minutes (if they aren’t already).
