Visitors to the multitude of sites using Google's DoubleClick, and likely other advertising networks, may have found themselves the target of online attackers in early December after cyber criminals managed to fool a number of advertising networks into pushing ads that linked to a malicious site, security firm Armorize said on Friday.
The company first detected that the ads were sending users to a drive-by download site on Dec. 2, said Wayne Huang, president and co-founder of Armorize. Because the ads did not consistently appear, it took until Dec. 8 for the company to pinpoint the specific ad, he wrote in a blog post. While many malicious ads attempt to fool the user into downloading, say, rogue security software, the variant in the advertising network attempted to exploit unpatched flaws.
"The one that we detected served by DoubleClick is a lot more powerful," Huang says. "It is malvertising, but it is leveraging a drive-by download process."
Malicious software being served from legitimate sources has become a major problem. In 2010, nearly 90 percent of Web-based attacks started from a legitimate site, according to security firm MessageLabs, part of Symantec.
"There used to be a time when ... the well-behaved and educated surfer was pretty safe," Dan Bleaken, senior malware data analyst for Symantec Hosted Services, wrote in July. "Today, this is no longer the case."
The latest attack installs a variety of programs, including HDD Plus, which appears to be a disk optimization program but in reality steals control of the user's computer and requests payment to "fix" the problems.
The attackers managed to convince DoubleClick that ads from Adshufffle.com (note the extra "f") were legitimate. The appearance of attacks on non-DoubleClick-served sites suggests that other advertising networks were fooled by the attackers as well.
This article, "The DoubleClick attack and the rise of malvertising," was originally published at InfoWorld.com.