RE: Some Ad Networks Are Bad News

["Alex Eckelberry" <AlexE () sunbelt-software com>]

> is this really news?

Actually it is news.  While DT has not always been viewed as the shining
light on the hill in terms of its practices, it's rare to see them near
in this kind of stuff. 

We have a call with them tomorrow to try and understand exactly what
happened.  They claim complete innocence, but putting that aside, it did
appear to be an accident.  I'll hear them out to see exactly what their
position is, and share it with the list if that's desired. 

As Dude VanWinkle mentioned, DT is quite ubiquitous. Avoiding them is
pretty hard.  

> let's also not forget that ad's themselves are viral in nature.

Well, ok, but the idea is that something like the malwarealarm ad
running is more than just a little duplicity on the part of a
marketer...

Example:

hxxp://scanner2(dot)malware-scan(dot)com/9_swp/scan.php

That's what was being served.

Incidentally, Larry Seltzer gets the credit for having found this in the
wild.


Alex
 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of silky
Sent: Monday, November 12, 2007 9:12 PM
To: Dude VanWinkle
Cc: funsec () linuxbox org
Subject: Re: [funsec] Some Ad Networks Are Bad News

is this really news?

story @ 11: you are only secure as your weakest link.

orly?

let's also not forget that ad's themselves are viral in nature.
tricking us into trusting the products they promote so that they can
exploit our wallets ...




On 11/13/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
> On Nov 12, 2007 7:53 PM, Paul Ferguson <fergdawg () netzero net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Nice article, Larry. :-)
> >
> > Via eWeek.
> >
> > [snip]
> >
> > You wouldn't go surfing to just any site. You're careful about where

> > you go. You only go to sites you trust.
> >
> > But who are you trusting? A series of recent attacks has resulted in

> > seemingly respectable news sites serving malware and redirecting 
> > users to sites that serve malware.
> >
> > The problem is in the ads on those news sites. The ads are served by

> > advertising networks that weren't careful enough with their own
security.
> > When you trust a Web site you have to trust everyone it's in bed
with.
> > [snip]
> >
> > More:
> > http://www.eweek.com/article2/0,1759,2215305,00.asp
> >
> > Also, here's an accompanying article by Lisa Vaas on DoubleClick 
> > serving up malware ads:
> >
> > http://www.eweek.com/article2/0,1759,2215635,00.asp
>
> hmm, doubleclick serving up malware ads.. funny that this is the link 
> on the ziffdavis atricle :-) 
> http://ad.doubleclick.net/click;h=v8/3609/0/0/%2a/q;137016197;0-0;0;84
> 02494;3030-160/90;22613468/22631351/2;;~okv=;pos=top;zdid=a219243;zdty
> pe=commentary;zdaudience=creativeprofessional;pagetype=article2;zdtopi
> c1=securityopinions;tile=2;sz=160x90;~sscs=%3fhttp://clk.atdmt.com/MRT
> /go/zffdvity0180000043mrt/direct/01/
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.


--
mike
http://lets.coozi.com.au/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.