Hotmail and malicious banner advertisements?

Important note: These reports are unconfirmed.

A person has posted a comment to my blog warning that they experienced a redirect while using Hotmail aka Windows Live Mail - you can read the comment here:
http://msmvps.com/blogs/spywaresucks/archive/2007/11/08/1287908.aspx#1369705

Earlier this month I spotted a similar complaint affecting MSN Groups:
http://groups.msn.com/ArtifactsofMars/general.msnw?action=get_message&mview=1&ID_Message=568

I've notified the appropriate parties about both of these reports, but am interested to know if any more of my readers have seen, or heard of, such problems in recent times. If you have done so, please contact me or post a comment. It will be very helpful if you could also tell me on what date(s) the redirect happened, and what country you are in. It would be even better if you can record evidence using Fiddler or Fiddlercap.

The advertising network used by MSN has been infiltrated in the past. Those who have been reading my blog for a long time will remember the outbreak that hit Windows Live Messenger, Hotmail and MSN Groups back in February this year.

 

Published Fri, Nov 30 2007 8:30 by sandi

Comments

# re: Hotmail and malicious banner advertisements?

Thursday, November 29, 2007 7:43 PM by Barry

Whether this is true or not, the sheer fact that it's *possible* has a big take-home message:  you *cannot* outsource your advertising, especially not to a firm that outsources what they provide to you.  It may be cheaper in the short run to simply trust what the next company down the line is providing to you, and then pass that on to your client, but just wait until the lawsuits start flying.

This may make things more difficult for small websites, but hopefully the concept of "buck stops here" advertising services will emerge, where an advertising service promises to personally inspect and approve every ad they serve.

# re: Hotmail and malicious banner advertisements?

Thursday, November 29, 2007 8:23 PM by sandi

Hi Barry,

You make a good point, and I have said the same thing myself many times, but as was demonstrated by the Sensis incident, also reported on this blog, sometimes you can be caught out even if you host the advertisements on your own server.

Such is the nature of the beast; the malicious advertisements are coded in such a way as to try and avoid detection by the victim web sites and their advertising networks.

It is not sufficient to simply run the ad to see if it does anything; nowadays the creatives must be decompiled and the code checked for suspicious content - a skill that the advertising networks and web site staff may lack.

Best wishes,

Sandi &c.

# re: Hotmail and malicious banner advertisements?

Friday, November 30, 2007 5:44 AM by One Surprised Guy

I just signed into hotmail and this happened to me (a MalwareAlarm redirect), much to my surprise.  I run a clean, fully patched computer as far as I know, and I'm fairly certain that I don't have any malicious software on my machine that assisted in this redirect.

The page it directed me to was quite sophisticated. After cancelling the attempt to install an ActiveX control, it began very realistically simulating a virus scan over hundreds of real-looking filenames and finding four or five "infections" in my computer with real-looking virus names. The "scan completed" dialog even grayed out the "scanner" background. This was slick and professional, much more so than most clumsy attempts I see. If I were somebody's grandmama I'd be pretty convinced.

When I left the page, it threw up another dialog box reminding me that my computer was still infected and that I could only be saved by installing their tool.

Bad news; other users should watch out.

# re: Hotmail and malicious banner advertisements?

Friday, November 30, 2007 6:55 AM by sandi

Ok, guys, I need proof.  Please download and install Fiddler or Fiddlercap, delete all cookies, temporary internet files and your Flash Cache as per instructions to the left of screen in the "News" section of this blog, and contact me if you manage to record a redirect at Hotmail.

We've been able to clean things up before, we can do it again.

Thanks!

Sandi &c.
