bit-tech.net

Google used to distribute malware

Google used to distribute malware

The popular conservative site DrudgeReport found itself offering malware to its users via Google's DoubleClick service.

Google has become the latest vector for ad-based malware distribution after its DoubleClick advertising arm became a delivery mechanism.

As reported over on The Register, Google's advertising arm started offering adverts which lead to malware sites attempting to take advantage of holes in Microsoft's DirectShow and the JavaScript engine in Adobe's Acrobat Reader.

The affected adverts - which were also distributed by the Yahoo-owned Right Media as well as FastClick - caused the Win32/Alureon Trojan to be installed onto machines which had not yet had the required patches installed. During the three days in which they were available, web filtering specialist ScanSafe claims that the adverts accounted for 11 percent of all pages blocked by their service.

Indeed, the list of affected sites - while small - is a veritable Who's Who of the Internet: conservative news site DrudgeReport, popular psuedo-predictive site Horoscope.com, Slacker.com, and Lyrics.com.

These is far from the first time an advertising service has been thought responsible for seemingly trustworthy sites offering up malware: the New York Times, possibly one of the most popular destinations for web surfers in the US, has suffered from a similar problem, and automated SQL injection attacks have lead to numerous popular sites being infected.

Perhaps most interesting about this particular incident is Google's response regarding the attack: while a spokesman did confirm that a security monitoring system designed to pull malicious and damaging adverts such as these was in place, the company put the onus on the sites themselves claiming that "publishers are in control of what content they are service and are therefore ultimately responsible for determining what advertising appears on their site," seemingly accusing the companies of not performing due diligence before "[approving] the content that goes on to the site before it is introduced into DoubleClick's servers."

Do you believe that Google has a point and that it's up to individual websites to vet the adverts that will appear, or is the entire point of using a supposedly trusted advertising broker that you should be protected from this sort of attack? Share your thoughts over in the forums.

10 Comments

Discuss in the forums Reply
l3v1ck 29th September 2009, 11:18 Quote
Quote:
Do you believe that Google has a point and that it's up to individual websites to vet the adverts that will appear, or is the entire point of using a supposedly trusted advertising broker that you should be protected from this sort of attack?
The later. If I ran a website that used adverts, I'd expect the company providing the adverts (ie Google) to vet them first. That's what they're being paid to do.
perplekks45 29th September 2009, 11:37 Quote
Exactly my thoughts. If you have a company supplying you with ads, you have to be sure that they check them before.
Mentai 29th September 2009, 11:51 Quote
What a crap statement from Google, the onus is entirely on them as far as I'm concerned.
pizan 29th September 2009, 14:34 Quote
Still though how long ago were the patches for these released?
ssjaj 29th September 2009, 18:57 Quote
Considering Google has millions of advertisements, expecting them to sift through every single one of them is ludicrous. I would like to think they have a system in place to sniff the sites as they would for the search engine, but a cleverly coded site could very well avoid detection. Especially when the site is designed to be stealthy with its delivery.

Personally for all the good Google has done, they are certainly merited a few slips. Things like this are what increase security and scrutiny of policies.
thehippoz 29th September 2009, 19:34 Quote
Shagbag 29th September 2009, 20:30 Quote
Quote:
Originally Posted by pizan
Still though how long ago were the patches for these released?
Exactly. The www is a hostile place and the onus is on everyone to make sure it's as safe as it possibly can be.
crazyceo 29th September 2009, 22:22 Quote
Ladies and Gentlemen of the Jury.........................I rest my Case!
B3CK 30th September 2009, 02:18 Quote
As to google's response, I would have to read their agreement for the use of their ads service.

To blame, however, would be the end user for not keeping their own systems up to date.
xprodancer 30th September 2009, 02:23 Quote
to be frank with everyone! its google and whatever company that is using the add's fault they should both be scanning the add's not just using them on there website!
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums