Malicious banner adverts .. they haven't gone away
Good morning everybody.
Things have been quiet on this blog with regards to malicious Flash advertisements, but that doesn't mean that nothing has been happening - on the contrary - there has been a lot going on behind the scenes.
Good news is that the malicious SWF implicated in the soccernet outbreak (content owned by adtech.de and distributed by Akamai in the soccernet incident) is no longer being distributed, although it is still accessible via direct URL - I class that as kind of a half win - I'd much prefer the SWF to be moved completely out of public view.
It is interesting to contrast the steps that Akamai and adtech.de have taken by simply stopping distribution with the steps that Sensis took when they were hit - not only did they immediately stop distribution of the advertisement, they also made sure it could no longer be accessed online.
Now, to keep things interesting, Mike Burgess (another MVP) has been focusing on a USA-based network that is hosting actual malicious files and trying to get the network to stop distributing winfixer-type applications.
Mike Burgess has comprehensive information about the malware being hosted by LimeLight, and his efforts to get the company to take down the content, to no avail:
Limelight Networks serving up Malware (December 5)
http://msmvps.com/blogs/hostsnews/archive/2007/12/05/1380292.aspx
LimeLight Networks and connecting the dots (December 7)
http://msmvps.com/blogs/hostsnews/archive/2007/12/07/1384205.aspx
More malware found at Limelight Networks (December 16)
http://msmvps.com/blogs/hostsnews/archive/2007/12/16/1400161.aspx
Limelight distributes hundreds of Rogue Antispyware products (December 17)
http://msmvps.com/blogs/hostsnews/archive/2007/12/17/1401525.aspx
So, for the time being, our focus should be campaigning to get LimeLight to stop distributing malware. Of course, I continue to be on the lookout for malicious advertisements as well.
Mike's comment that LimeLight's "partners" may not appreciate being associated with malware, and that they should perhaps be made aware of Mike's discoveries, is a very interesting one. All's fair in love and fighting malware.
Mike's blog is well worth subscribing to. He's as passionate about stopping the distribution of malware online as I am, and he has a lot of information about things such as fake video codecs and whatnot.