funsec mailing list archives
RE: Some Ad Networks Are Bad News
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Mon, 12 Nov 2007 22:03:21 -0500
is this really news?
Actually it is news. While DT has not always been viewed as the shining light on the hill in terms of its practices, it's rare to see them near in this kind of stuff. We have a call with them tomorrow to try and understand exactly what happened. They claim complete innocence, but putting that aside, it did appear to be an accident. I'll hear them out to see exactly what their position is, and share it with the list if that's desired. As Dude VanWinkle mentioned, DT is quite ubiquitous. Avoiding them is pretty hard.
let's also not forget that ad's themselves are viral in nature.
Well, ok, but the idea is that something like the malwarealarm ad running is more than just a little duplicity on the part of a marketer... Example: hxxp://scanner2(dot)malware-scan(dot)com/9_swp/scan.php That's what was being served. Incidentally, Larry Seltzer gets the credit for having found this in the wild. Alex -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of silky Sent: Monday, November 12, 2007 9:12 PM To: Dude VanWinkle Cc: funsec () linuxbox org Subject: Re: [funsec] Some Ad Networks Are Bad News is this really news? story @ 11: you are only secure as your weakest link. orly? let's also not forget that ad's themselves are viral in nature. tricking us into trusting the products they promote so that they can exploit our wallets ... On 11/13/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
On Nov 12, 2007 7:53 PM, Paul Ferguson <fergdawg () netzero net> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nice article, Larry. :-) Via eWeek. [snip] You wouldn't go surfing to just any site. You're careful about where
you go. You only go to sites you trust. But who are you trusting? A series of recent attacks has resulted in
seemingly respectable news sites serving malware and redirecting users to sites that serve malware. The problem is in the ads on those news sites. The ads are served by
advertising networks that weren't careful enough with their own
security.
When you trust a Web site you have to trust everyone it's in bed
with.
[snip] More: http://www.eweek.com/article2/0,1759,2215305,00.asp Also, here's an accompanying article by Lisa Vaas on DoubleClick serving up malware ads: http://www.eweek.com/article2/0,1759,2215635,00.asphmm, doubleclick serving up malware ads.. funny that this is the link on the ziffdavis atricle :-) http://ad.doubleclick.net/click;h=v8/3609/0/0/%2a/q;137016197;0-0;0;84 02494;3030-160/90;22613468/22631351/2;;~okv=;pos=top;zdid=a219243;zdty pe=commentary;zdaudience=creativeprofessional;pagetype=article2;zdtopi c1=securityopinions;tile=2;sz=160x90;~sscs=%3fhttp://clk.atdmt.com/MRT /go/zffdvity0180000043mrt/direct/01/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- mike http://lets.coozi.com.au/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Some Ad Networks Are Bad News Paul Ferguson (Nov 12)
- Re: Some Ad Networks Are Bad News Dude VanWinkle (Nov 12)
- Re: Some Ad Networks Are Bad News silky (Nov 12)
- Re: Some Ad Networks Are Bad News Dude VanWinkle (Nov 12)
- Re: Some Ad Networks Are Bad News silky (Nov 12)
- Re: Some Ad Networks Are Bad News Dude VanWinkle (Nov 12)
- Re: Some Ad Networks Are Bad News silky (Nov 12)
- Re: Some Ad Networks Are Bad News silky (Nov 12)
- Re: Some Ad Networks Are Bad News Dude VanWinkle (Nov 12)
- RE: Some Ad Networks Are Bad News Larry Seltzer (Nov 12)
- RE: Some Ad Networks Are Bad News Alex Eckelberry (Nov 12)
- RE: Some Ad Networks Are Bad News Larry Seltzer (Nov 12)
- Re: Some Ad Networks Are Bad News Brian Loe (Nov 12)
- Re: Some Ad Networks Are Bad News silky (Nov 12)
- A recent candidate to the Darwin Award Remo Cornali (Nov 13)
- Re: A recent candidate to the Darwin Award Brian Loe (Nov 13)
- <Possible follow-ups>
- Re: Some Ad Networks Are Bad News Paul Ferguson (Nov 12)
- Re: Some Ad Networks Are Bad News Daniel H. Renner (Nov 13)
- Re: Some Ad Networks Are Bad News Gadi Evron (Nov 13)
- Re: Some Ad Networks Are Bad News Valdis . Kletnieks (Nov 13)
- RE: Some Ad Networks Are Bad News Adam Thomas (Nov 13)
- Re: Some Ad Networks Are Bad News Gadi Evron (Nov 13)