Flash ads bearing malware plague popular sites

Scott dunn By Scott Dunn

A Flash-based advertisement that appeared last week on the USA Today site downloaded malicious code to users’ computers, generating erroneous warnings of a malware infestation and offering a phony solution.

The Flash vulnerability isso widespread that such “malvertisements” may be present on thousands of sites, but there are measures you can take to reduce your exposure.

Just opening the page puts you at risk

Visitors to USAToday.com last Thursday got more than they bargained for. A hacked Flash advertisement meant that merely viewing a page in your browser was capable of triggering a malware attack on your PC. According to an alert on the security site Websense, the ad can take control of the browser without any user interaction at all.

Two days after the ad appeared on the USA Today site, two prominent Utah-based news sites, DeseretNews.com and SLTrib.com, were found to have similarly dire banner ads. These ads directed users to various unexpected locations, including the site for AntiSpywareMaster. This destination has been called a “corrupt anti-spyware parasite” and a “fake program” by the RDV Group, a safe-computing organization.

News sites aren’t the only victims of what Sandi Hardmeier, who authors the blog Spyware Sucks, calls “malvertisements.” The ads themselves may appear perfectly harmless, notes Hardmeier, who’s been recognized as an MVP (Most Valued Professional) by Microsoft. “The criminals behind such malvertisements . . . have no shame,” she writes, “impersonating everything from WeightWatchers to Oxfam.”

Advertisements are not the only source of the problem. The principal conveyors of this malicious code are Flash animations (or .swf files), which are commonly used to create intro screens, online video, and other Internet content in addition to Web ads.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2008-04-17: