back to article Scareware package planted in ITV.com ads

Users visiting the website of UK broadcaster ITV earlier this week risked exposure to a scareware package. Malware-laced banner ads that lead to download sites for the Cleanator scare package have also been served up on the Radio Times website. Radio Times confirmed that it removed the offending ad late Wednesday morning, …

COMMENTS

This topic is closed for new posts.
  1. BeachBoy

    On Yahoo too

    This is also in the ad rotation for Yahoo mail. My antivirus (Nod32) has stopped it twice in the last week. Click on anywhere on the dialog box (including the X) and it attempts to do things to your machine.

  2. Geoff Thompson
    Unhappy

    Depressing

    Saw this nonesense on ITV.com. Just closed my browser. Someone should track down these jokers and introduce them to cricket, from the ball's perspective.

  3. Iain
    Go

    Use Add-ons

    Use the Firefox add-ons No-Script and Re-Direct Remover. I have found it deals nicely with all that horrible crap (and can be disabled if necessary with a minimum of fuss)

  4. Andrew Cawte
    Paris Hilton

    How come...?

    OK, dumb question time...

    Given that all an advert needs to be is a static image, or maybe an animated one, how or why is there any code at all, of any kind, associated with it?

    Seems to me that, in a desire to see who can out-annoy who, otherwise legitimate ad serving organisations have opened a can of worms that simply didn't need opening. Given how easy it is to just install ad blocking software, I'd have thought webmasters would be falling over themselves to see who could produce the _least_ intrusive ads, in the hope that people wouldn't just switch them off altogether.

  5. Matt

    PHP?

    Why on earth mention PHP? It hasn't got anything to do with it, next you'll be saying it was PHP 4.2 on Apache 1.3 on Windows 2000 running on a Dell machine with an AMD processor and Western Digital disk, which is hosted in a yellow room in Liverpool. Ooh, hang on a minutes I see your point now, it's the scousers again......

  6. Anonymous Coward
    Anonymous Coward

    I saw this too...

    I presumed that I had just typed the URL wrongly or something. I did get a malicious javascript detected as a virus on my Vista box (detected by AVG) while it uploaded a page that "scanned my system for security" or something transparently pish like that.

    The thing is I also saw it on my Girlfriend's Mac, with a page that made it look like it was Mac specific malware that was being searched for so I killed the browser (firefox). The problem is that having no AV or anti-spyware installed on the Mac, I have no way of knowing if anything dodgy was run or is still running on it. Anyone got any suggestions? Preferably ones that don't involve shelling out actual money...

  7. Simon Greenwood

    re How come...?

    Most, if not all banners are a link to a URL. The ad server serves the required code for the banner but might not be particularly discriminating in what it serves, which could lead to embedded javascript issuing pop-up events (I'm not casting aspersions on ITV.com's system here, just looking at potential scenarios). Alternatively, the URL in the banner link could look OK but could redirect to a malware pop-up when you click on it.

  8. Anonymous Coward
    Pirate

    On Interface Lift aswell

    I have had this a number of times on the Interface Lift site. Also tried to download a Trojan via .swf whilst re-directing me to one of these scareware sites. Virus protection caught it, but I still don't understand how complicated it can be to prevent this sort of crap from being identified sooner and then stopped.

    @Simon

    Didn't click on anything on the site, just navigated to it using my favourites link.

    Maybe get the owners of the ad server to verify or test the code first?

  9. Anonymous Coward
    Anonymous Coward

    NoScript

    Saying that NoScript works is like saying that turning the computer off works. It does technically work, but surely it pans out like this instead:- Person with NoScript visits itv.com and is safe. Considers itv.com to be a safe, trusted site. Sees that video is present and wants to see it so starts enabling scripts on the site and embedded sites until they get the desired functionality (even if temporarily). However all they see is server names with no idea what they do. At some point they enable the servers which allows the malware to come through.

    I don't understand how someone is supposed to work out what constitutes a trusted site and an untrusted site in the context of malware which is running from an otherwise clean and trusted site such as itv.com. The bottom line is if you don't trust anything, a lot of perfectly good sites don't work. if you do trust parts of those sites, you risk being hit by this kind of malware.

    I use NoScript but I don't see how it can protect against this. It does protect against a lot of other stuff and that's why I use it and support it.

  10. Simon Greenwood

    re: On Interface Lift aswell

    Advertising policy varies from site to site: sites could leave it to third parties like Doubleclick or run their own solutions. Depending on volumes ads could be monitored or just fed into the system as long as someone has paid for them. One would hope that there was some nominal screening for malware but in the end it's all income and economies of scale and I would guess that potentially malicious ads aren't spotted until they are served. In the meantime, Firefox + AdblockPlus + NoScript are your friends.

  11. Anonymous Coward
    Alert

    What laws have been broken here?

    And will somebody definitely be identified and prosecuted AND forced to recompense each and every person who has been disadvantaged by this miscreant?

    Perhaps even more important, if no laws have been broken, will somebody please identify and shoot somebody in Her Majesty's Government for FAILING to bring in proper LAWS to prevent this sort of menace?

  12. Daniel
    Unhappy

    You could sa, however..

    .. that having invaded your computer, interrupted your web browsing, bombarded you with messages pestering you to buy their software, or else - all because you went to a web page with an advert on it... that they have, at least, proven one thing. They're right: you're computer's not secure.

    They're still c*nts, like, but in a: 'Hey, look! We can act like c*nts, and you can't stop us!' sort of way.

  13. Paul
    Boffin

    @How come...?

    "Given that all an advert needs to be is a static image, or maybe an animated one, how or why is there any code at all, of any kind, associated with it?"

    Depending on how the ads are embedded, what comes back from the ad-server can be nearly anything. Not just a hyperlinked image file.

    As someone mentioned, it could send JavaScript or other client-side script back to the browser to do an auto-redirect or pop up an alert window or something, or it could return an iframe with the malware page embedded.

    It could also be a Shockwave Flash object instead of a static/animated image. I'm not all that au-fait with Flash capabilities (bloody hate the stuff), but I wouldn't be surprised if you can make that auto-load another page too.

    In several of these cases there's no need to even click anything, just loading the damn thing is enough to make the badness take place.

  14. Simon Greenwood

    re: NoScript

    That's true, NoScript just blocks javascript unless you allow it. As a model that works for me, as I would prefer to see what is running on a page before I allow it. That's especially the case in some video sites like Metacafe and Linkit, which have embedded scripts from something like half a dozen other sites on the page in some instances, but you can still view the video just by allowing the local domain, essential if you like watching cats falling off tables.

    ABP is more powerful where ads are concerned as it will show the scripts attached to the ads that are blocked. I pressed the ABP button on this page and it flags scripts and shows the code, which in the case of Doubleclick ads, runs to a couple of thousand characters, which, if you wore a tinfoil hat, could mean anything, which is why the combination is a good solution as far as I'm concerned.

  15. Derek Law

    And in Pogo

    I complained to EA games about the pop-up, and they said eventually that "more time is required for investigation".

  16. Andrew Wiseman

    ITV Virus

    I think my TV must have caught this pop-up virus too. Each time I watch Corrie I get some junk messages on screen telling me to text a number to catch-up with ITV programmes, or to visit the website or to watch The Bill coming next.

    Is there anything I can do to cleanse my CRT of this crap?

  17. Anonymous Coward
    Boffin

    @Chris

    Noscript will block ads by domain, this is true. That's why you never bother allowing domains with "adserver" or a domain totally unrelated to the site you're trying to view as i doubt you'd be deliberately trying to look at ads if you have noscript installed.

    @Andrew Wiseman

    Clean your screen from the inside with this - http://www.linein.org/media/screen_clean.swf

  18. Anonymous Coward
    Coat

    Ads?

    Are there adverts and nasty script thingies on the Interwebs?

    My Firefox extension settings & anti-spyware apps must be hiding them from me.

    Mine's the mink with the fox stole.

This topic is closed for new posts.