back to article Malware torrent delivered over Google, Yahoo! ad services

Some of the web's bigger websites were flooded with a torrent of malicious banner ads after cyber crooks managed to sneak them onto syndication services operated by Google, Yahoo, and a third company, according to a security firm. The ads - which attacked previously-patched vulnerabilities in Adobe's PDF Reader and Microsoft's …


This topic is closed for new posts.
  1. Conrad Longmore

    Of course..

    Of course, it could never happen to El Reg, could it?

    Oh wait...

  2. Anonymous Coward
    Gates Halo

    The vulnerabilities are in the browser and operating system

    The internet is full of viruses. If the user hasn't updated their software, they're putting themselves at risk whether the malware exists in an ad banner or any other site.

  3. Tom B

    Caveat Pasco

    And some people wonder why I insist on blocking all ads and most scripts in my browser. Not only are many of them annoying, but you have the possibility of them being carriers for malware.

    "Let the browser beware"!

  4. Anonymous Coward

    Two cures for the malvertisement blues... and I can see why he wouldn't want his name used.

    AdBlock + NoScript = WIN.


    >""With DoubleClick ad management, publishers are in control of what content they are serving and are therefore ultimately responsible for determining what advertising appears on their site,""

    Yes, no wonder the facetious git didn't want his name used. Is he seriously claiming that there's an option in the publishers' googleads account settings for "Include malware banners (Yes/No?)" and it's all the publishers' fault for having left it on instead of off? Because he certainly *sounds* like he's saying it's all their fault for having *chosen* to get malicious ads from google's advertising network. No wonder he didn't want to be named, he knows how stupid he must have sounded.

  5. TeeCee Gold badge

    Half the truth anyway.

    "He went on to say that DoubleClick does employ a security monitoring system that screens all ads, and in cases where it identifies problem banners, they are pulled immediately."

    It's a shame he didn't go on to apologise for this system being a useless sack of shit that's not fit for purpose. An existing Trojan targetting an old vuln and they *still* didn't spot it? You could forgive 'em not picking up the odd zero day, but this?

    Doubleclick were always greedy scum peddlars. Being owned by Google doesn't make them any more than Google-branded greedy scum peddlars. They've been blocked on my router for some years now and I've still seen nothing that would make me think about changing this (notwithstanding that the whole "getting off my arse and doing it for no benefit" bit is unlikely to happen in any event).

  6. Anonymous Coward

    Last night I added these to my firewalls access restrictions list

    Got fed up of being redirected to google-analytics (fuck google) every time I clicked on a link. But then added

    yieldmanager, doubleclick, tacoda, smartadserver, googlesyndication.

    Going to be adding more soon.

  7. Efros


    Adblock Plus anyone?

  8. Scott 1

    Further support for ABP and NoScript.

    I have to echo the above comments about the goodness of AdBlock Plus and NoScript. I've been running both for a couple of years, and I've yet to experience a "drive-by download" type infection. I wish our IT manager would make that setup mandatory for all web browsing here.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021