Banner Ads Used as Hacker Tools

    November 19, 2007

Legitimate sites and their users have been dealing with a rash of malware being spread by banner ads, from Monster to MLB (Major League Baseball) NHL (National Hockey League) and other sites that are delivering malware.

While the Monster dot com exploit is well known news, the MLB and NHL sites are not well known, but used a similar way of purchasing advertising on a web site, and then using that advertising to deliver malware to customers as shown in the video below.

What makes this interesting is that users are going to be easily confused by the whole hacking process, and may not even realize that they have been hacked. Rather they are going to believe the good name of MBL, NHL,, and others, and do what the web site suggests they do. Wired also points out that:

Publishers may be somewhat culpable, too. The distributor of the malware-infected ads is believed to be AdTraff, an online-marketing company with reported ties to the Russian Business Network, a secretive internet service provider that, security firms say, hosts some of the internet’s most egregious scams. AdTraff is believed to have posed as a legitimate advertiser, using its partners as references. The ads were almost always paid for with credit cards or wire transfers, according to Alex Eckelberry, CEO of Sunbelt Software, a provider of security software. Source: Wired

In all if you have a good AV at the gateway this might be spotted, the only real option really is to use some form of ad blocking software at the browser level, which is also going to cause problems, because then you end up with the whole "theft of content" issue if your users use ad blocking software. Unfortunately this is one of the more effective ways of protecting the corporate network, or the home network. This has some serious economic implications to it, and with advertisers not paying attention to quality, and then we end up in another hacker, hacking, user, consumer, company stalemate.