Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 24th, 2009

Google’s DoubleClick Spreads Malicious Ads On Eweek Website

Google’s DoubleClick ad network has once again been caught distributing malicious banner displays, this time on the home page of eWeek, the online version of the popular business computing magazine. Unsuspecting end users who browse the site were presented with malvertisements with invisible iframes that redirect them to attack websites, according to researchers at Websense. The redirects use one of two methods to infect users with malware, including rogue anti-virus software.

In one case, a PDF with heavily obscured javascript shunted victims to a subdomain at In other scenarios, a generic index.php file did the bidding.

Once users were redirected, the site dropped a series of malicious files, including one named winratit.exe, into a user’s temporary files folder and then prompted them to be automatically called the next time the machine rebooted. The result was the installation of Anti-Virus-1. It invites users to divulge their payment details and also alters their host file to make it hard to disinfect the machine.

The scourge of malvertisements has been a lingering threat over the past few years, and as the world’s biggest ad network, DoubleClick has repeatedly been caught playing an unwitting role. Booby-trapped banner ads are the perfect vector because they hit users while visiting trusted sites, so their guard is down.

Catching the tainted banners has been challenging for DoubleClick and its competitors because the perpetrators often go to great lengths to conceal their activities. Miscreants often set up fictitious advertising agencies that appear to be legitimate. They also have the ability to turn the attacks on and off at the drop of a dime to evade sensors seeking out the malicious ads.

Given DoubleClick’s tremendous reach, it’s possible the rogue ads have shown up on websites other than eWeek. A Google spokesman said that their scanners have found a few instances of these malware ads in the DoubleClick network. As such, they’ve added these domains to malware list and are in the process of removing any offending ads from the ad network.

It is unclear how long the attacks had been active, how many websites they affected or how the attackers were able to bypass Doubleclick’s defenses. According to WebSense, eWeek has rectified the problem and eWeek website is now safe.

Credit: The Register, WebSense

Share this item with others:

More on CyberInsecure:
  • Malware Torrent Delivered Over Google, Yahoo! Ad Services
  • Scareware Malvertizements Approved By Google And Microsoft Ad Systems, Served On,
  • Major League Baseball Website Infected Visitors Through Ads
  • ICQ Ads Infect Users With Scareware Via Malvertizing
  • Malicious Adobe Flash Ads Hit High-Profile Websites

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Google’s DoubleClick Spreads Malicious Ads On Eweek Website

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.