It was not for nothing that I led our 2007 Internet security retrospective and 2008 cyber storm forecast with a look at how online crooks are increasingly lurking on high-traffic sites to ensnare new victims. According to security researchers, banner ads that try to install malicious programs are running on social networking site MySpace.com and search portal Excite.com.
If you happen to visit the MySpace Chat Forums without the benefit of the latest security updates for popular Web browsers and media player plug-ins (think Macromedia Flash or QuickTime), your Windows machine is likely to get a kitchen sink full of malware crammed down its gullet. According to analysis by malware researcher Adam Thomas at Sunbelt Software, malicious banner ads on MySpace are pushing down some of the most nefarious and difficult-to-remove adware and spyware around, including Virtumonde, WinFixer, and ClickSpring, as well as a bunch of Trojan horse programs that are very poorly identified and detected by anti-virus programs at the moment.
In related news, Sandi Hardmeier, a Microsoft MVP and security researcher who blogs about the latest spyware threats, found malicious Shockwave Flash content embedded in banner ads running on search portal Excite.com. Hardmeier said the ad redirects the user to a page that tries to install “PerformanceOptimizer,” a scareware program that reports false or exaggerated system security threats on the user’s computer, mainly in an attempt to get them to buy even more worthless software to clean up the supposed security problems.
As I’ve noted before, Web sites and ad networks need to do a far better job policing their networks for this type of malicious content. But because much of the current policing for evil stuff in ads is done in an automated fashion, the threat from malware-tainted banner ads on major sites is unlikely to disappear anytime soon. This is a perfect example of why it is so critical for Windows users not to delay installing security updates for all software applications, not just the operating system and the Web browser.
This also gives me another opportunity to plug Firefox in place of Internet Explorer for safer browsing, not just because a far larger share of exploits target IE users, but also because of Firefox add-ons like “NoScript” that can help mitigate the damage from attacks like this (almost all of the malicious code in the banner ads was JavaScript-based).