2.6 MILLION instances of infected ads since late December.

Since late December, anti-virus company Avast! has stated that its software has caught over 2.6 MILLION instances of online ads infected with malware being served up to computers.  It’s not just the small and dodgy ad companies either.

The biggest culprits were Yahoo’s Yield Manager and Fox’s Fimserve which cover more than 50 percent of online ads.  Google’s DoubleClick wasn’t immune either, but its representation was significantly lower.

Most people will say be careful where you click, but this doesn’t help in the case of this particular infection (and many others).  All you had to do was visit a website displaying one of these ads and have installed a program the ad was capable of exploiting.  These programs include (but are not limited to) Adobe Acrobat, Adobe Flash, Sun Java and Apple QuickTime.

A common mistake people make is thinking they’re safe by only going to legitimate sites, but this is wrong as well.  The New York Times, Drudge Report, TechCrunch, WhitePages (US), NineMSN (AU) and Fairfax (AU), just to name a few, have all fallen victim to malicious ads on their websites in the past 12 months.

More details and my recommendations on how to protect yourself after the break.

The particular infection being analyzed here has been dubbed JS:Prontexi by Avast! AntiVirus.  It starts off with JavaScript code which launches when a page is opened and starts checking for numerous programs with known bugs it can exploit, including the very latest PDF exploits.

You can tell almost instantly when you have it by a large fake AV warning coming up on your screen.  These fake AV products can be quite insidious when infecting machines, getting in quite deep.  Although I’ve cleaned more machines from them in the past 2 years than I care to recall, one ended up having its network connectivity corrupted, resulting in a full system rebuild from scratch.  I’ve had close calls with numerous other machines from corruptions made by the fake AV software. Sometimes it’s very straightforward to remove, but not always.

The only guaranteed way to protect yourself from getting your computer infected with malware is not to have or use a computer at all.  Unfortunately that’s a little backwards, so here are my top tips.

  • Run AntiVirus software and keep it up to date – My recommended free program for wintel boxes, which I use myself, is Avast! It’s just coincidental that this report was done by the same company.  For Mac I use ClamAV, though I am on the lookout for other free products.
  • Run AntiMalware software and keep it up to date – My recommended free program is Spybot Search & Destroy with TeaTimer running in the background.
  • Keep your computer fully patched AT ALL TIMES – PC users have this made a little simpler by installing and running Secunia PSI, which sits in the background and alerts you when a program goes out of date. I am yet to find something similar for Mac.
  • Run adblocking software – I use AdBlock Plus in Firefox with the EasyList and Malware Domains subscriptions.
  • Do once-monthly scans of your computer.
  • Do once-monthly backups of your computer.
  • Do not bank from your main PC/Browser/Account.  Do all online banking/transactions from a Virtual Machine or LiveCD. Ensure both of these are set to never save changes once shut down.
  • If you can’t do this because it is too complicated for you, then at the very least create a second account on your computer which does NOT have administrator access, then use a different web browser from your standard surfing one for all banking and internet transactions.
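To show what the adblocking tip actually does under the hood, here is a small added example (my own illustration, not code from Avast!, AdBlock Plus or the EasyList project). A filter subscription such as EasyList or Malware Domains is essentially a list of host patterns, and the browser checks every third-party resource a page tries to load (the ad iframe, the script it pulls in, the redirect target) against that list before fetching it. The filter rules and URLs below are constructed samples on the reserved .invalid domain, not real ad networks or malware hosts, and the matcher only handles the simple "||host^" and "@@" rule forms.

```python
"""Minimal AdBlock Plus style host blocklist matcher (added example, not from the post).

Models the mechanism behind running an adblocker with a malware-domain subscription:
each resource request is checked against host patterns before it is fetched.
All hosts, rules and URLs here are constructed samples on the reserved .invalid TLD.
"""
from urllib.parse import urlsplit

# Constructed sample filter list in AdBlock Plus "||host^" syntax.
# "||" anchors at the start of a host (any subdomain also matches), "^" ends the host.
# A leading "@@" marks an exception rule that overrides a matching block rule.
SAMPLE_FILTER_LIST = """
! constructed sample list - not EasyList or Malware Domains
||ads.example-network.invalid^
||malware-dropper.invalid^
@@||safe.ads.example-network.invalid^
"""


def parse_filter_list(text):
    """Return (block_hosts, allow_hosts) as sets of lowercase host patterns."""
    block, allow = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # blank line or comment
            continue
        target = block
        if line.startswith("@@"):              # exception rule
            target = allow
            line = line[2:]
        if line.startswith("||") and line.endswith("^"):
            target.add(line[2:-1].lower())
        # other rule syntaxes (regex, element hiding) are ignored in this example
    return block, allow


def host_matches(host, pattern):
    """True if host equals pattern or is a subdomain of it.

    The dot boundary matters: "notmalware-dropper.invalid" must NOT match
    the pattern "malware-dropper.invalid".
    """
    host = host.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)


def classify_request(url, block, allow):
    """Return 'allow' or 'block' for one resource URL.

    Exceptions win over block rules; a URL with no parseable host is blocked,
    because an adblocker should fail closed on input it cannot evaluate.
    """
    host = urlsplit(url).hostname
    if not host:
        return "block"
    if any(host_matches(host, p) for p in allow):
        return "allow"
    if any(host_matches(host, p) for p in block):
        return "block"
    return "allow"


def filter_page_requests(urls, filter_text=SAMPLE_FILTER_LIST):
    """Classify every resource a page tries to load; returns {url: decision}."""
    block, allow = parse_filter_list(filter_text)
    return {u: classify_request(u, block, allow) for u in urls}


# Constructed sample of what a news page might request: first-party content,
# an ad-network script on a subdomain, an allow-listed ad host, a redirect
# target on a listed malware host, and a look-alike host that must not match.
SAMPLE_REQUESTS = [
    "https://www.news-site.invalid/article.html",
    "https://cdn.ads.example-network.invalid/serve.js",
    "https://safe.ads.example-network.invalid/pixel.gif",
    "http://malware-dropper.invalid/landing.pdf",
    "https://notmalware-dropper.invalid/ok.js",
]

if __name__ == "__main__":
    for url, decision in filter_page_requests(SAMPLE_REQUESTS).items():
        print(f"{decision:5} {url}")
```

The point of the look-alike entry is that a naive substring match would either miss subdomains or over-block unrelated hosts; real filter engines enforce the same dot boundary. Also note that a blocklist only stops hosts someone has already reported, which is why the patching and non-administrator account tips above still matter.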

The suggestions above are not a 100% guarantee, but they will help a lot.  As you can expect, I am a hypocrite and do not even do all of these myself (the banking stuff), but the ones I do, I do not only on my PCs but also on my Macs.

Whatever you do, do NOT get egotistical and start thinking you’re too smart to fall for this kind of thing.  You’re not.  Legitimate sites do get hit.  You do NOT need to interact with the ad to get hit.  Using *nix/*BSD or MacOS will not help either.  There already are viruses for *nix/BSD out there in the wild, and ones for MacOS are proof of concept.  It’s only a matter of time.  Your operating system will not protect you; you’re just lulling yourself into a false sense of security.
