News

Flash Ads Serving Up Malware on Popular Sites

Malicious Flash banner ads have been surfacing on major web sites including Expedia.com, Rhapsody.com, and MayoClinic.com in the last month, according to media reports.

Users who click on the banners, which advertise a digital music service, a student dating service, and disk cleaning software, are redirected to Web sites that proceed to install malware on their PCs.

Sandi Hardmeier, who writes "Spyware Sucks," first reported the rogue ads in a blog entry Jan. 28, referencing a well known malicious domain hosting site, securehost.com. The trail was next picked up by Trend Micro, which reported that the banners had to have made their way into the advertising supply chain by ad networks.

RealNetworks, which produces Rhapsody.com, first learned of the ads Jan. 20 and removed them four days later. The company declined to identify what supplier was feeding the ads.

In a post Feb. 5, Hardmeier adamantly stated that browsers are not responsible for the hijackings. She blamed Adobe and Macromedia, the owners and creators of Flash, for not implementing security measures such as the ability for users to turn off redirects in the product. "Flash has turned into the Typhoid Mary of the Internet," she wrote.

About the Author

Dian L. Schaffhauser is a freelance writer based in Northern California.

Featured

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.