Flash Ads Serving Up Malware on Popular Sites
- By Dian Schaffhauser
Malicious Flash banner ads have been surfacing on major web sites including
Expedia.com, Rhapsody.com, and MayoClinic.com in the last month, according to
Users who click on the banners, which advertise a digital music
service, a student dating service, and disk cleaning software, are redirected
to Web sites that proceed to install malware on their PCs.
Sandi Hardmeier, who writes "Spyware Sucks," first reported the rogue
ads in a blog
entry Jan. 28, referencing a well known malicious domain hosting site, securehost.com.
The trail was next picked up by Trend Micro, which reported that the banners
had to have made their way into the advertising supply chain by ad networks.
RealNetworks, which produces Rhapsody.com, first learned of the ads Jan. 20
and removed them four days later. The company declined to identify what supplier
was feeding the ads.
a post Feb. 5, Hardmeier adamantly stated that browsers are not responsible
for the hijackings. She blamed Adobe and Macromedia, the owners and creators
of Flash, for not implementing security measures such as the ability for users
to turn off redirects in the product. "Flash has turned into the Typhoid
Mary of the Internet," she wrote.
Dian L. Schaffhauser is a freelance writer based in Northern California.