Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: please be extremely cautious when visiting digitalspy.co.uk

July 20th 2009 in Uncategorized

There are malvertizements being displayed on digitalspy.co.uk that attempt to take advantage of various security vulnerabilities.  Research and evidence-gathering is happening as I type, and the appropriate parties will be contacted on an urgent basis.

For the time being, be extremely cautious when visiting the web site.  There is a thread warning of malicious content that started back on 30 May 2009 which I found, coincidentally, while researching antventure.com.

I’ll post more information soon.

BTW, the incident is technically identical to the yieldmanager incident that I reported on a few days ago, but there are a few new domains in the mix – no antventure.com but there is a visually identical advertisement featuring Expedia, and an Acer advert, and an iPhone advert and one for contact lenses.

2 comments to...
“ALERT: please be extremely cautious when visiting digitalspy.co.uk”

James Welsh


Digital Spy suffered a malware attack on US and Australian traffic yesterday.  We have turned off all but Google AdSense serving to international territories.

The previous attack on May 30 affected our UK traffic and was resolved shortly thereafter.

We appreciate any and all assistance on this.

Here is our official statement:

Our advertising operations team were able to successfully reproduce the issues raised by three of our visitors from America and Australia and put into place our new procedures to shut the malware-infected creatives down immediately.

We have been informed by our advertising exchange supplier that other websites operating in these territories experienced the same problem.  This attack was, sadly, not confined to Digital Spy.

We are taking this incident, which did not affect our UK traffic, extremely seriously.  Digital Spy is a global website and our international business is very important to us.  We expect the same guarantees of safety for UK and non-UK visitors alike and are appalled that despite the implementation of all practical safeguards within our own procedures – which resulted in a swift removal of the problem from our pages – a third party was able to attack us for a second time.  We are instituting a full review of our advertising arrangements and are engaging with the advertising industry, as a global publisher, to find a solution to this worldwide problem.

Attacks such as these have the potential to harm users, publishers and advertisers alike, damaging the internet’s entire content delivery ecosystem.  They must not be permitted to continue.


Hello James,

Please contact me at sandi @ mvps _dot_ org and I will do all I can to assist you.

Best wishes,


  The SWF advertisement pictured above retrieves content from the domain adburau.net.  That content is yet another SWF.  At time of writing, the SWF downloaded from the domain adburau.net was a single frame SWF with no images, or shapes, or fonts, or texts, no sounds, or videos, or buttons, or sprites, […]

Previous Entry

My apologies for the delay.  For what its worth, I received an email within 3 hours of my report to the ad network in question, advising me that the malicious creatives had been identified and deactivated. So, now to the details.  Technically, the incident was very similar to that which I wrote about here, […]

Next Entry