Winfixer ad network infiltrations - ponderings
My articles about Winfixer infiltrating the MSN and AOL advertising networks have garnered a lot of interest over the past few weeks. Trawling through the referrers and trackbacks for my various articles shows just how topical and pervasive the malware advertisement infiltrations are becoming.
AOL and MSN are, of course, only two victims of winfixer infiltration. Any site that uses the same ad network is at risk.
For example, forum.winamp.com is another site that has been hit - and yes, I saw a systemdoctor redirect at that site this morning. http://forums.winamp.com/showthread.php?s=&threadid=268303&highlight=spyware
The banner adverts on the winamp forum that I am seeing come from the following URL:
Unlike MS/MSN who responded very quickly to my reports to them of winfixer infiltration, it seems that AOL have not done a damned thing yet, and that is simply not good enough.
I was in Seattle not long ago for the MVP Summit. While I was there I had a short meeting with a Director of Community & Intelligence, Security Research & Response at Microsoft who has been dealing with the fall-out of the Winfixer infiltration of the Windows Live Messenger banner ad network. The primary purpose of the meeting was to discuss my concern that the fact that winfixer had managed to infiltrate the MS/MSN ad network once meant that it would happen again.
Microsoft certainly understands the risks being faced by users of their software which includes advertisements - whether it be Windows Live Messenger, or Windows Mail Desktop with its advertisement pane, or MSN, or Hotmail. But unfortunately, although I am pleased at the high level of collaboration I am seeing at MS/MSN as a result of the Winfixer outbreak, I am not confident that another outbreak will not occur.
As long as advertising networks do not directly host creatives they will be at risk of bait and switch. Winfixer is popping up in so many places, we cannot be sure that *any* Web site that displays dynamic advertisements will be safe. So what can we, as users, do about this problem, considering the advertising networks seem to be unable to control the problem by themselves?
Yes, we can get rid of Flash. We can use ad blockers. We can use Mike Burgess's hosts file to redirect known advert and URLs to localhost. We can disable ActiveX completely. I'll fight against users having to cripple their Web browsers and sacrifice access to content such as Flash and ActiveX in an attempt to avoid malware. Mike Burgess's HOSTS file, on the other hand, is what I recommend - block the adware content without crippling your browser or sacrificing Flash.
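A check for the HOSTS file approach recommended above, as an added example (not the author's code and not Mike Burgess's file): it parses HOSTS-format text and reports which ad-serving hostnames are actually redirected to a local address. The sample entries, hostnames and function names are constructed for illustration. HOSTS matching is exact, so a subdomain of a blocked name still resolves unless it has its own entry.

```python
import ipaddress

# Constructed sample in HOSTS-file format; hostnames use the reserved .test TLD.
SAMPLE_HOSTS = """\
# constructed sample, not taken from any published blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.test  banners.example.test   # two names on one line
0.0.0.0     track.example.test
::1         v6ads.example.test
192.0.2.10  intranet.example.test
not-an-ip   broken.example.test
"""

def parse_sinkholed(text):
    """Return hostnames that the HOSTS text maps to a loopback or unspecified address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                          # malformed address field: skip the line
        if ip.is_loopback or ip.is_unspecified:
            blocked.update(n.lower().rstrip(".") for n in names)
    blocked.discard("localhost")              # the standard entry, not a block
    return blocked

def audit(ad_hosts, hosts_text):
    """Map each ad hostname to True (sinkholed) or False (still resolves normally)."""
    blocked = parse_sinkholed(hosts_text)
    # Exact-match lookup: an entry for a parent name does not cover its subdomains.
    return {h: h.lower().rstrip(".") in blocked for h in ad_hosts}

if __name__ == "__main__":
    # Hostnames as they might be noted from banner requests (constructed).
    seen = ["ads.example.test", "cdn.ads.example.test", "TRACK.example.test",
            "intranet.example.test", "v6ads.example.test"]
    for host, ok in audit(seen, SAMPLE_HOSTS).items():
        print(f"{host:28} {'blocked' if ok else 'NOT blocked'}")
```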
Web site owners and those running advert networks must surely understand the risk to their revenue streams as more and more people actively block advertisements as a self defence mechanism against malware. If we, the visitors, don't see the adverts we are not going to click on them. If we don't click on the adverts, there is no income. Maybe once the advertising networks realise they are at risk of losing more and more viewers, the cost of directly hosting creatives will become less prohibitive - after all, it is better to have a lowered income than no income at all.
A final note - Mikeonads has an interesting write-up about the winfixer malware problem that is worth reading: