For the past several weeks, millions of banner ads that contain Trojan horse programs that can infiltrate a user’s computer have been running on the popular sites Photobucket.com and MySpace.com as well as others.
Security company ScanSafe detected the ads on August 8th, and estimated that 12 million of the banner ads were served over three weeks. It was found that these ads were delivered through the Right Media Exchange system, the newly acquired Yahoo network.
Visitors who used a version of Internet Explorer that was not properly updated with the latest security updates were susceptible for infection by the hidden Flash file.
Even though the ad had been identified and the issue is being resolved by Right Media according to other reports, this kind of online crime is not unprecedented and unfortunately is probably not over. This type of activity has happened on various other networks over the years, but the Right Media Exchange is a unique environment made up of many advertisers and networks that have higher levels of control to exchange all kinds of ad types, good and bad.
Banner ad attacks carrying malware are a very efficient way to infect many people because banner ads usually run on high-traffic, well trusted sites. The ads in question used an invisible “iFrame” which inserts content from other sites onto the current page.
Right Media has a thorough scanning process to identify these malicious ads before they have the opportunity to infect other machines, however ScanSafe said that this particular code was created to identify the difference between a web site visitor and Right Media’s scanning servers. Owners and users of the Right Media Yield Manager system speak very highly at the level of diligence that is put into fighting malicious advertising.
The Trojan, was identified as Trojan Downloader VBS.Agent.n, coming from a server in the Netherlands without any kind of figure of the number of people infected by the program.
Regardless of how large or small a company is the evolution of parasite and prey will continue, even online. The easiest way to avoid being caught by a virus is for users to periodically update their systems.