Malicious banner advertisement at National Geographic??

Uh oh...

Somebody using the pseudonym MWT has posted a comment warning that he was hit by a banner advertisement redirect when browsing a National Geographic article.

Note that he was using Opera at the time (his name is a link to a screenshot of the redirect).

I also have screenshots of such malware redirects affecting Firefox, and Firefox on a Mac, and that is a worry because these advertising campaigns rely as much on social engineering as they do on exploits, and it's only a small step to change from redirecting to a fake security software site to redirecting to a site that has been compromised by MPACK or equivalent - and remember, MPACK targets exploits that affect IE, Firefox *AND* Opera.

It is absolutely essential that such advertisements are shut down as soon as they are discovered.  I'm off to the National Geographic site now to try and capture evidence of the redirect.

If any of my gentle readers want to help out, you'll see a link to Fiddlercap, and a link to a Macromedia page that will flush out cached Flash data, in the News pane to left of screen.  If you manage to capture a redirect affecting National Geographic, please contact me using the Contact link at top of screen.

More later if I find anything.

 

Published Fri, Nov 23 2007 6:53 by sandi

Comments

# re: Malicious banner advertisement at National Geographic??

Friday, November 23, 2007 3:33 PM by F. Engelmann

I came across the same this morning, with a redirect to scanner.malwarealarm.com served by blessedads.com.

Most interesting is the degree to which the redirect crippled Safari 3.0.4, on OS 10.4.11. The original page shrank to the top left and could not be resized either by dragging or the widgets; additionally, most menu items were disabled and command-Q didn't work, requiring a force quit.

The page containing the ad triggering the redirect was

hxxp://news.nationalgeographic.com/news/2007/11/071121-giant-scorpion_2.html

After that it was the usual scareware, with plenty of tricks to download an exe. I'll try Fiddlercap and send additional data if successful.

# re: Malicious banner advertisement at National Geographic??

Friday, November 23, 2007 5:14 PM by sandi

@F Engelmann

Damn.  I spent several hours last night trying to catch the redirect without luck.

It would be great if you could grab a copy of Fiddlercap and record the redirect for me; Fiddlercap is very safe from a privacy point of view - unlike products like Wireshark or Microsoft Network Monitor it only captures IE traffic.

Note that you may need to delete all cookies and temporary internet files, and also use the link to left of screen to delete all cached Flash objects as well before the redirect will happen again.