Google used to distribute malware

September 29, 2009 | 10:02

Tags: #doubleclick #malware #trojan #virus

Companies: #google

Google has become the latest vector for ad-based malware distribution after its DoubleClick advertising arm became a delivery mechanism.

As reported over on The Register, Google's advertising arm started offering adverts which lead to malware sites attempting to take advantage of holes in Microsoft's DirectShow and the JavaScript engine in Adobe's Acrobat Reader.

The affected adverts - which were also distributed by the Yahoo-owned Right Media as well as FastClick - caused the Win32/Alureon Trojan to be installed onto machines which had not yet had the required patches installed. During the three days in which they were available, web filtering specialist ScanSafe claims that the adverts accounted for 11 percent of all pages blocked by their service.

Indeed, the list of affected sites - while small - is a veritable Who's Who of the Internet: conservative news site DrudgeReport, popular psuedo-predictive site Horoscope.com, Slacker.com, and Lyrics.com.

These is far from the first time an advertising service has been thought responsible for seemingly trustworthy sites offering up malware: the New York Times, possibly one of the most popular destinations for web surfers in the US, has suffered from a similar problem, and automated SQL injection attacks have lead to numerous popular sites being infected.

Perhaps most interesting about this particular incident is Google's response regarding the attack: while a spokesman did confirm that a security monitoring system designed to pull malicious and damaging adverts such as these was in place, the company put the onus on the sites themselves claiming that "publishers are in control of what content they are service and are therefore ultimately responsible for determining what advertising appears on their site," seemingly accusing the companies of not performing due diligence before "[approving] the content that goes on to the site before it is introduced into DoubleClick's servers."

Do you believe that Google has a point and that it's up to individual websites to vet the adverts that will appear, or is the entire point of using a supposedly trusted advertising broker that you should be protected from this sort of attack? Share your thoughts over in the forums.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04