eWeek has an article "DoubleClick Serves Up Vast Malware Blitz" which describes problems with DoubleClick serving up malicious content related to none other than the WinFixer Group ... however a few of (DoubleClick) their comments struck me as nothing more than doublespeak ...
"DoubleClick officials told eWEEK that they have recently implemented a security monitoring system to catch and disable a new strain of malware that has spread over the past several months.
The sites involved are ultimately responsible for any malicious code delivered through their ads or sites."
How is it that the content is being served up from DoubleClick's servers, but the website itself is responsible for malicious content? Seems that DoubleClick has been aware of this problem for quite a while now ... so whatever system they have implemented isn't working very well.
In another article dated Jun 21, 2007 ... "While evidence of rogue networks exists, isolated occurrences of malicious ads are more common in Edelman's experience. In early June, he identified an ad for a product called DriveCleaner that ran on Friendster.com and was served through DoubleClick's DART servers. The ad attempted to take over Friendster and replace the URL in the address bar with another, according to Edelman."
"We very rarely come across cases like this," said Sean Harvey, senior product manager of the DART platform at DoubleClick. "As a technology provider, we have a strong support team. They contact us and we can put a SWAT team on it and shut it down in real time."
A "SWAT Team" ... "a strong support team" huh? Looks more like DoubleClick is too busy puffing themselves up for a Google takeover than worrying about managing the content they are serving ...
In another related (WinFixer) story eWeek describes quite a few other large advertisers and major sites that have been hit with the same problem = the WinFixer Group ... Sandi Hardmeier and I have been reporting about the tactics of WinFixer for quite a while ... "Attack of the WinFixer Clones" while it's good that the problem has finally reached the mainstream press, what now?
All the clones supported by WinFixer (and there are hundreds) are hosted by foreign providers ... so not much you can do there. However it appears that the services that sell advertising need to do a much better job researching who they are selling to ...
Notice that none of these recent new articles mention anything about what recourse there is to the visitors that were duped by these malicious ads ... one solution is to use a HOSTS file to avoid the majority of these problems.