Sophos: Poisoned adverts on ITV & radio times websites lead to PC & MAC ’scareware’
February 2008 by Sophos
IT security and control firm Sophos is advising firms to properly secure their users’ web activity following the discovery of a poisoned web advert campaign on ITV.com. The campaign was designed to deliver ’scareware’ - malicious code which appears to be a legitimate computer security warning - to Windows and Mac users. A posting on the website of The Radio Times, Britain’s leading TV listing magazine, confirms that a similar offending advert was removed from its site yesterday.
Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, discovered that ads, which were provided to ITV.com by a third party agency, contained a Macromedia Flash file, detected as Troj/Gida-B. These adverts were designed to dupe visitors into downloading a program called Cleanator (on Windows) or MacSweeper (on Apple Macs). Both programs claim to detect "compromising files" on your computer, but in reality install malicious Trojan horses.
"TV viewers are accustomed to adverts getting in the way of what they want to watch - they’re probably not as used to adverts on their favourite TV websites delivering unwanted code straight to their desktops. Worryingly, it’s quite likely that it is not just these websites that are affected - other websites could also be carrying poisoned adverts," said Graham Cluley, senior technology consultant at Sophos. "Our own research has found that 83 percent of infected webpages are hosted on completely legitimate websites. The challenge for companies is how to stop employees becoming infected when they’re innocently surfing the web. The key is to scan for malicious code on every website - just like they scan every email."
Last month Sophos published its annual Security Threat Report, which detailed how criminals are increasingly using the web to generate revenue and spread malware. Sophos detects 6000 new infected webpages every day (one every 14 seconds) - and there are increasing sightings of online adverts being poisoned to direct browsers to dangerous sites.
"Websites often use third parties to serve up their advertising. Website owners should ask these agencies about the procedures they have in place to vet and ensure the adverts they deliver don’t include malicious content or unsavoury links," continued Cluley. "After all, it is the website that is going to receive the angry complaints from their legions of users."
Sophos continues to recommend companies protect their desktops, gateways and servers with automatically updated protection against viruses, spyware, hackers, and spam.