A server belonging to a major online advertising company has been hacked and used to infect computers visiting otherwise ‘trusted’ websites through the embedded ads.  24/7 Real Media Inc, the advertisers in question, have so far refused to comment on the issue.

24/7 ads are thought to have reached up to 50 % of all American web users last month, as well as many more abroad.  It’s not known how many of those suffered the results of this hack. 

The workings of the attack are explained by Computerworld.  The infected ads first check if the computer is running the vulnerable combination of Windows, Internet Explorer and Realplayer (three programs famous for letting the real world do their virus-testing for them). 

If successful, the malicious content disables the computers antivirus features and sends them to an untrusted site.  This is the computer equivalent of blindfolding and handcuffing someone then pushing them down a dark alley with the words "I carry large quantities of cash" written on their chest.

This scale of this attack and the methods employed demonstrate the size of the problem facing modern designers.  The old image of the virus-writing teen is long dead – they’ve grown up and they work for fully equipped businesses.  This hack was planned by people sitting around a table, this is their entire job. Right now there is someone looking at a bar graph marked "Number of hits = money I make" and wondering how to make it go higher.

Many users aren’t ware of just how vast the sea of spam and malware their browsers and e-mail clients swim through is.  They may dimly understand that going off hunting for cracked software or porn can break their computer, but when even mainstream sites are compromised they really don’t have much chance.

Related:

Entry was posted on Tuesday, October 23rd, 2007 at 11:58 am under Advertising, Crime, Malware, Security.

Read more entries by Luke McKinney.
Stumble It!