How can web sites avoid malicious banner advertisements?

Boyd Anderson posted this comment tonight:

"What can Classmates do about xponlinescanner.com/2008/1/freescan.php?aid=77011807?"

This was my response:

@BoydAnderson,

What can classmates.com do?

First, source reliable instructions and advice on how to get rid of xponlinescanner from any reputable anti-spyware advisory forum, and get that information out to their clients.

Second, conduct more comprehensive checks into the background and bona fides of those they accept advertising from - see these links for advice:

Avoiding the bad guys - detecting potentially malicious advertising campaigns
http://msmvps.com/blogs/spywaresucks/archive/2008/01/16/1465721.aspx

Winfixer hide 'n' seek: explaining why some people see the ads, and some people don't
http://msmvps.com/blogs/spywaresucks/archive/2007/08/24/1134527.aspx

Third, run advertisements that they receive through services such as www.adopstools.com to check for malicious code.

Sandi &c.

Adopstools.com provides a service called an Online Click Checker.  The Online Click Checker nearly always detects malicious or suspicious code in Flash based advertisements.  On those rare occasions that the Online Click Checker has failed to detect that an advertisement is malicious (which I have only seen happen a couple of times), the site's owner has been very fast to respond to my email approach by updating his scanner to catch what was previously missed.

 

Published Tue, Mar 25 2008 14:35 by sandi
Filed under: , , ,

Comments

# re: How can web sites avoid malicious banner advertisements?

Tuesday, March 25, 2008 4:48 AM by Sam Loirat

Hi Sandy,

Thanks for the input :o) I have updated the application last night to catch the latest malware such as the one within the get a car creative. it took me a while to find out its footprint (signature) but managed to isolate it and adding into the application.

Cheers

Sam

# re: How can web sites avoid malicious banner advertisements?

Tuesday, March 25, 2008 6:07 PM by Boyd Andersen

Guess a better question to ask would be, what can I do about not seeing

xponlinescanner.com/2008/1/freescan.php?aid=77011807

when I open Classmates?

# re: How can web sites avoid malicious banner advertisements?

Tuesday, March 25, 2008 6:30 PM by sandi

@Boyd Anderson,

From what I understand the advertisements should now be gone.

That being said, the only way to not see the redirect at all is to stop displaying the advertisement (dump Flash) and/or use a custom hosts file (conduct a Google search for MVP Hosts file) or if you are using something like Firefox to use noscript.

I am not a supporter of wholesale blocking of advertisements to avoid this problem, because, as they say, every man deserves his wage and far too many web sites and services depend on advertising income.  

Sandi