Monday, August 18, 2008

All the Malware that's fit to print

Looks like Newsweek (and the Washington Post) has been unwittingly serving up malware in banner ads.
The ads redirect users to a site that falsely claims users' PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange.
Remember, kids - "Free download" is high tech speak for "open your mouth and close your eyes."

It's not just them, either:
Newsweek joins a growing list of name-brand websites accused of exposing its readers to dangerous ads. Last week, we reported on a new breed of ad that used malicious Adobe Flash code to hijack the clipboard of users' PCs. MSNBC.com, Digg.com and other websites were said to be running the abusive ads.
One risk that we don't often think of is that the media is so panicked about their collapsing business model that they may take an ad from anyone, even without an agenda (see Betrayus, General). We've got a plausible vector here, especially for targeted attacks.

So remember the rules of safer browsing, be smart when you download, and get your security news from sites that don't have ads, like (ahem) this one.

No comments: