Monday, March 22, 2010

Dealnews Ad Feed Hit With Malware

On March 19th, an ad served by Dealnews.com's third party ad service started distributing FakeAV malware. Dealnews response is below:

"Updated: An ad served from a major third-party ad server generated "virus warnings" when those ads were viewed on dealnews, as several readers found. The ad has been disabled, eliminating any threat. In at least some cases, the ad attempted to download an ".exe" file and execute it, which is what caused the virus warnings. If you visited dealnews since Friday, use a Windows PC, and are concerned about this possibility, we suggest that you run an anti-virus check. We apologize profusely for any inconvenience.

We are deeply troubled by even the possibility that any of our readers' computers could be affected, and we're working hard to put processes in place to prevent such incidents from happening in the future. Thank you to the readers who alerted us of the warning from their antivirus software."

Until ad networks vet code more thoroughly, users will have to continue to protect themselves by using NoScript, a sandbox program, or through some other method of protecting their browser from attacks. The slow update cycles for browser plugins continues to make them a threat for most users.

No comments: