CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 18th, 2008

Malicious Adobe Flash Ads Hit High-Profile Websites

According to a post on the Bluetack Internet Security Solutions site, Newsweek.com is suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs. Newsweek.com is one of several high-profile websites accused of exposing its readers to dangerous ads.

The malicious ads have been appearing on Newsweek’s website via feeds that carry the Washingtonpost.com address. The ads redirect users to a site that falsely claims users’ PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange.

Malvertizing-like symptoms can be seen all over the net, on sites like MSNBC, Facebook, lime.com, Hotmail, MySpace and Yahoo. The ads are extremely hard to spot because they can sit dormant for days before the attacks begin. The use of multiple affiliates to buy and sell online ads also makes it hard for sales staff at established websites to separate legitimate ads from those that are designed to defraud or attack.

Recently, malicious hackers started using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In those attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

The attack is coming from Adobe Flash-based advertising on legitimate sites, including Digg, MSNBC.com, and, yes, Newsweek. Once the clipboard has been hijacked, the user can’t copy anything else over it, in some cases, until the machine is retstarted.

Share this item with others:

More on CyberInsecure:
  • Potential Vulnerability In Adobe Flash
  • Malware Served Through Flash Exploits By MSN Norway
  • Adobe Fixes Clickjacking Vulnerability In Flash Player 10
  • Another Fake Twitter Profile Spreads Malware That Harvests Orkut Credentials
  • MLB.com Major League Baseball Website Infected Visitors Through Ads

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Malicious Adobe Flash Ads Hit High-Profile Websites

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.