For a time, online advertisements have been a constant source of not only nuisance but of malware as well. Earlier this month, we’ve seen malicious banner ads being served on popular Web sites, such as Myspace, Excite, and Blick. This time, TrendLabs was alerted to malicious banner ads infiltrating legitimate special interest Web sites such as Expedia.com and Rhapsody.com.
According to Trend Micro security experts, certain malicious .SWF banners have hacked their way into Expedia.com, a popular site for travel enthusiasts worldwide. Trend Micro detects the said malicious flash banner as SWF_ADHIJACK.A. Based on initial analysis, clicking on this ad leads to several redirections, which eventually result to the installation of a rogue antispyware detected as TROJ_GIDA.A.
Music lovers are also targeted by mal-banners as Rhapsody.com, a music site owned by RealNetworks, is found to be carrying malicious flash banners as well. The malicious .SWF URL found in Rhapsody.com is said to be similar to the notorious Skyauction advertisements that were also found to infiltrate the Blick Web site mentioned earlier.
In any industry, advertising has proven to be an effective way to sell products. Apparently, this holds true in the malware industry as well. It provides another means for malware authors to effectively spread their malicious codes, and earn profits at the same time. With this knowledge, there’s no doubt that malware authors shall do more malvertising, targeting more and more popular Web sites to “advertise” their malware.
Be a smart buyer and don’t fall for false advertising. Not only might you not get your money’s worth, you might also end up spending more without you knowing it.