One man's fight against a malicious banner advertisement

sandi — Wed, 09 Jan 2008 23:59:00 GMT

Fascinating reading and an excellent insight into the problems faced by web sites hit by malicious content - reality is that the web sites affected by malicious advertising need help gathering the data required to prove an incident has occurred, and often need help tracking down which advertising network is the guilty party - that is where people like myself can assist:
http://seo.mhvt.net/blog/?p=180#more-180

The "orange Flash ad" is the now infamous advertisement for dot.tunes.

I wonder if the "Phil" that commented at the seo.mhvt.net blog is the same one that commented on my blog:
http://msmvps.com/blogs/spywaresucks/archive/2008/01/07/1443904.aspx#1450506

The owner of the seo.mhvt.net blog also posted a comment to my blog:
http://msmvps.com/blogs/spywaresucks/archive/2008/01/07/1443904.aspx#1449379

I understand the seo.mhvt.net owner's comment better now than I did yesterday. What I initially put down to simply curiosity may have in fact been a concern that I had used a discovery on his blog as a basis for an article on my blog without citing the source of the initial information.

It's amazing how information about malicious banner advertisements, and how to find them, flies around the Web very quickly. I receive intelligence via many sources - comments via this blog, private forums used by security professionals who trawl the net looking for malicious advertisements and post their findings without wanting credit, direct emails, accidental discovery, phone calls, all sorts of ways. Sometimes I have no idea where that intelligence comes from. For example, I may receive an alert that simply says "check out youhide.com" with no further information and no way to contact the original sender (honest guys, you can trust me, there's no need to use a fake email address when contacting me via the Contact link at the top of this blog - and by the way, if you're reporting something that somebody else found, tell me where you're getting the info from).

In this instance, it looks like seo.mhvt.com may have been one of the first, if not the first, to report that there was a problem with an advertisement touting dot.tunes; it's a pity I didn't realise that earlier because I could have pointed to the blog in my original posting. Sadly, I have corresponded with the owner of the blog in question in the past, trying to help him find a MAC equivalent to my preferred software (Fiddler), which makes me feel even worse about the omission.

Oh well, we live and learn. I'm not sure how to address the potential issue of another site being the 'first' to find a malicious banner advertisement, because information propagates so fast, information sometimes comes in at an astounding rate, and I don't want to waste time searching for pre-existing reports of an outbreak before doing my own investigations after receiving an alert, but we'll handle things as best we can and do our best to give credit where credit is due.

Spyware Sucks : Security, General stuff

One man's fight against a malicious banner advertisement