back to article Ad networks owned by Google, Microsoft serve malware

Two of the world's biggest ad serving networks – one owned by Google and the other by Microsoft – have been caught delivering booby-trapped banner ads that infect computers with malware without any action required on the part of the end user. The ads on Google's DoubleClick and Microsoft's rad.msn.com contained heavily …

COMMENTS

This topic is closed for new posts.
  1. adnim

    I can't imagine

    these companies informing the marks, sorry consumers, that blocking the ad servers at the router/firewall will protect systems from the malware served by said systems.

    Are these companies not responsible for what they serve? Shouldn't they pay compensation fro the damage caused by any malware that they serve?

    1. zaralockwood

      dodgy ads

      this has been going on for years, it's how most big businesses make a profit

  2. Anonymous Coward
    Alert

    A good reason to use FF

    Noscript + Adblock

    1. Big-nosed Pengie

      Close

      Noscript + Adblock + anything but Windwoes.

  3. Anonymous Coward
    FAIL

    js

    "Similar attacks can be avoided in the future" by using a very simple tactic...

    SERVE ONLY IMAGES

    ... no poxy javascript or flash. A simple image with a link to whatever is being advertised.

    1. Giles Jones Gold badge

      Images

      Image exploits are possible, not heard of any recently though.

    2. Pawel 1
      Unhappy

      Title

      Do you remember that lovely gdi+ bug not long ago?

    3. Blain Hamon

      While I agree with you that ads should only be images

      There have been exploits that trigger on little more than buffer overruns by corrupt images. So, um, yeah. If you really want to be safe, use Lynx.

  4. A handle is required

    Title

    *Double checks that these domains are blocked in NoScript*

    Move along.

  5. The Fuzzy Wotnot
    Pint

    Oh for the love of...

    Why the hell aren't people blocking this tripe? There is absolutely no reason to have ads in a pages, get stocked up with AdBlock+, NoScript, etc. I always tell people who use FF to always install AdBlock+ and if they wish, FlashBlock too. You will get faster loads and nicer, easier to read pages.

    Not only are ads bloody annoying, they're Web equivalent of finding "dog-links" on the pavement outside your house, they break up the page flow and slow the loads times. Certain tech news sites, ahem, look much better without the nasty ads breaking the flow with all that horrible kerning.

    Sorry Reg, but your pages just look much nicer without the ads!

    1. Anonymous Bastard
      Thumb Up

      Not all ads

      I too am a NoScript fan and that's good enough. Without scripting the worst offenders - and infections - are dealt a hefty kick to the virtual nuts. And yes the decrease in load times is very welcome too. I'm so used to the slimline version of the web that it has become shocking to see what other people have to put up with.

      Particularly on the Reg I am fine with the text adverts and occasional animated GIF. They're not so garish as to be distracting and they do serve a purpose after all, to pay for my favourite periodical. Long live El Reg! Love live saint Paris!

      1. Robert E A Harvey

        ...and

        we'd never have seen the cow with the flaming flatulence if we were blocking...

  6. Anonymous Coward
    Stop

    US Intelligence Could Be Behind This

    Google is known for their technology competence. Now they serve up viruses ? Come on...

    TheRegister has reported that a USGOV contractor "takes over" botnets to provide intelligence to US agencies (probably CIA and NSA). What if that "contractor" is behind this.

    You will not notice it like you notice the "commercial viruses" because your DSL modem flashes while pumping out spam or doing DDOS. Al this thing will do is to get the new "target requirements list" from Langley every few days. After some time the harddisk head will be moving a little to check the index the virus has already created for matching keywords.

    Now that the US economy is doing so badly I am sure they will lend a "helping hand" to their ailing corporates. Airbus, Arianespace and Daimler employees beware !

  7. Jay 3
    Gates Horns

    noscript + adblock plus

    toss in Linux (or MAC) and you are pretty safe

  8. raving angry loony

    yay

    It's shit like this that makes you realize that these ad folks are probably more dangerous than they're worth.

    yay adblock and noscript. The main reason I use them is to stop the jitterbugs and other annoying crap, but if it helps stop this kind of bull I'm happy with that.

    Moving right along.

  9. Anonymous Coward
    Grenade

    oops

    <edits hosts file>

    1. Marc Wilson
      Grenade

      Hosts file is the best solution

      I have all the ad-serving domains aliased to 127.0.0.1 in my hosts file. Sod the lot of 'em.

      http://www.theregister.co.uk/Design/graphics/icons/comment/grenade_32.png

  10. thecakeis(not)alie

    Just another reason...

    ...for websites to offer their readers/consumers/whatever the option of a paid subscription or an ad-funded model. Some of us do want to support our favourite websites…but like hell am I giving up my AdBlock or NoScript!

  11. Anonymous Coward
    Anonymous Coward

    on my menu everyday

    adblock + ghostery

  12. N2
    Thumb Down

    Double Click shite

    Blocked at the router

    Blocked by Ghostery

    Controlled by NoScript

    & filtered by Adblock Plus

    Along with anything else remotely similar

  13. Anonymous Coward
    Anonymous Coward

    ad twats

    These ad networks should be liable for any damage caused.

    Can anyone get anything right? Seems not!

  14. Eponymous Cowherd

    Of bears and great detectives....

    We need a defecating ursid / non-defecating fictional Victorian detective icon.

  15. Anonymous Coward
    Anonymous Coward

    using FF and ad-ons doesn't always work

    I've tried using FF and such and this caused a huge number of tracking cookie to appear on my machine. My machine slowed considerably.

    WTF?

  16. jason 7
    Unhappy

    Will be the death of a lot of smaller sites however.

    A lot of small sites live on their ad revenue and that will dissapear as a result of infected ads and all of us blocking them.

    I now visit some enthusiast sites that now detect that I'm blocking their ads and politely advise me that in doing so I am not helping them continue running their site.

    Damned if you do, damned if you dont.

    Hmmm but the suspicious side of me thinks...if ad revenue totally dried up on the web then who would be left to.....oh thats right...just govt websites. Yup, its a conspiracy. lol

    1. copsewood
      Linux

      Small sites can have a good future

      Small sites don't get much ad revenue by definition. My websites get zero ad revenue and this will continue because my users' attention is much too precious a commodity for me to want to sell this to third party advertisers. I'm a subscriber to a site ( lwn.net ) which tried initially to pay for journalism through ads. This wasn't going to work (not enough money from ads to cover costs) and the regular readers persuaded the site to keep going by offering subscriptions.

      If a website is of genuine value, the regular users will want to pay the piper in preference to it closing down.

  17. Anonymous Coward
    Anonymous Coward

    Ttir,amctao/d

    "if ad revenue totally dried up on the web then who would be left to.....oh thats right...just govt websites."

    All websites that have something to sell? It's a little strong to suggest that the collapse of the ad market would lead to the demise of sites like Amazon or the likes...

    I agree that the little guys suffer though. Maybe it's time for the emergence of ad companies who cater for the little guy. Then you could just unblock IndieAds.com or whatever. Pity there's so much less money to be made from it.

  18. Anonymous Coward
    Anonymous Coward

    ad merchants have themselves to blame

    if you have ever tried to pick through the remote and obfuscated JS being served to your site by an ad vendor and you will soon see they care only for themselves. "Make sure the page waits for our slow ads to show first" etc is not unusual to hear.

    Block em all.

  19. webdude

    Any Idiot

    Any idiot who surfs with JavaScript turned on deserves what he gets.

  20. Kubla Cant

    Nice ads needed

    Like most commentards here, I block ads because they annoy and distract. This piece of news gives me even more cause to do so. But I appreciate the role of ad revenue in keeping useful and entertaining web sites going, so I feel slightly guilty about blocking.

    Interestingly, the text-based ads and sponsored listings on Google don't annoy me (though they may be deplorable for other reasons).

    What's needed is an ad server that is guaranteed to deliver only plain HTML, perhaps with the more garish tags and large fonts outlawed. I'd be prepared to let that through the filter. They'd have to keep squeaky clean though - one transgression and they're filtered.

  21. Steve Roper

    I don't feel guilty about blocking

    I never, ever buy anything directly from an online ad. When I'm in the market for something, I google and research pricing, availability, etc, and only then do I visit commercial sites that sell what I want. So by blocking ads I'm actually saving the advertiser displaying useless impressions, so they can be used for someone who might actually buy something from it.

    Sites that detect my use of an adblocker and prevent me from viewing them go straight onto a blacklist, both at home and at work, and guarantee that I will never do business with the companies/persons behind such sites.

  22. Harry

    What really irritates me ...

    ... is stupid sites that display stupid messages that say "This site needs javascript".

    Oh no it does *NOT*.

    OK, you may have employed some incompetent web designers who don't know how to code pages without using javascript. You might even have one or two tiny "features" that you think (very wrongly I suspect) look fractionally better with javascript. But they'll be those nasty irritations like marquees and constantly changing images which add nothing but clutter and "nauseosity" to your site.

    If you haven't been able to duplicate the core functionality of a site without using javascript, then there's only one word to describe you and your web designers, and that's *incompetent*.

This topic is closed for new posts.

Other stories you might like