Tuesday, February 24, 2009

Doubleclick serves up malware. Again.

The web advertisement server company DoubleClick is - once again - inadvertently serving up malware in ads that it hosts.

Google's DoubleClick ad network has once again been caught distributing malicious banner displays, this time on the home page of eWeek.

Unsuspecting end users who browse the Ziff Davis Enterprise Holdings-owned site were presented with malvertisements with invisible iframes that redirect them to attack websites, according to researchers at Websense. The redirects use one of two methods to infect users with malware, including rogue anti-virus software.

So, DoubleClick can't be bothered to check if there's malware in the ads that they serve up to annoy you.

Not that you'd want to prevent any ads from coming your way - with or with out malware - but here's a way to make doubleclick ads go away. Of course, I only describe this for hypothetical use. I'm sure that both my readers are eager for more malware-laden adverts.

For Windows computers:

1. Open a Command Prompt.

2. Change to your C: drive (type "C: ")

3. Type "notepad %systemroot%\system32\drivers\etc\hosts.". This will open up notepad to edit the "hosts" file. We'll add a magical entry to put DoubleClick into a black hole. You'll get something that looks like this:


Remember that there's a % sign on both ends of the word systemroot. Notice the line that says "127.0.0.1 localhost". The IP address 127.0.0.1 is a special address that always refers to the local computer. Every computer that runs IP will recognize this address as being itself. It's sometimes called the "loopback" address, or more rarely, the "home" address.

You may even some day see a guy wearing a T-shirt that reads "There's no place like 127.0.0.1". Pity him.

4. Here's the fun part. We're going to make DoubleClick point to the loopback address. add a line at the end that reads:
127.0.0.1 *.doubleclick.com
5. Save the file. When you save, make sure that it's not saved as a Text file - there's a "Save as type" option where you should pick "All files". This will save the file with the file name "HOSTS" instead of "HOSTS.TXT".

If you're using a laptop from work, you may not have administrative rights to do this. At home, you should be good to go.

Now any time that your browser goes to a we page that references blah.doubleclick.com, your computer will try to connect to itself, instead of to the ad server. Since you don't have a web server on your computer, that link will break (you may see a big red X where the ad was supposed to go).

This technique is 100% guaranteed to prevent you from ever getting malware via a Doubleclick ad.

Linux guys, you'll want to do something uber-elite like:
# cat "127.0.0.1 *.doubleclick.com" >> /etc/hosts
Of course, you didn't need me to tell you that. You don't need to worry about malware from the ads, but this will turn off the annoying adverts.

Mac Users, probably the same as Linux, because OS X is BSD Unix under the hood.



2 comments:

TisDone said...

Though I've tried to avoid blocking ads - thinking it was good to do my part to actually watch them to help keep content free ... I've recently given in to blocking. Instead of adding the links to /etc/hosts on each of my Mac and Linux boxes (4, not counting dual-booting systems) ... I've added them to the "always block" domain list on my opendns.com settings.

What put me over the edge, the talking ads stating "you've been selected for a itouch" ... the talking ad is going to far ...

Borepatch said...

Your way is more elegant than mine, TisDone.

And talking ads are the spawn of Satan.