Malicious banner ads recently popped up on the National Hockey League (NHL) and Major League Baseball (MLB) sites. Fortunately the ads disappeared, but not before infecting the computers of some site visitors.
According to Roger Thompson of Exploit Prevention Labs, the malicious ads were brought to his attention by people from Grisoft - a popular antivirus solution provider. According to Thompson's research, the ads were served through DoubleClick's ad network, which pulled the ads from downstream ad providers. The downstream providers (along with DoubleClick) were duped into serving the malware to MLB and NHL site visitors.
When the ads were displayed, users' browsers were minimized and a dialog box appeared asking whether to scan the system for viruses. Even when the user clicked Cancel, a dialog box popped up posing as a virus scanner and suggesting that the user install an alleged security tool.
The tactic of using major ad networks to serve malware has been used before, and since ad networks often share content, it's becoming problematic to police the ad content adequately. The overall scenario creates high risk for users all over the Internet, especially those that think they should be able to trust the content of major Web sites.
Thompson said that while some people call the new phase of Web development "Web 2.0," others refer to it as "Web 2 Uh-oh!" Thompson added that the trend of pulling content from various sources into a centralized Web interface is a dangerous situation since HTTP traffic easily traverses most firewalls, making Web content filtering systems more necessary.
