Monday, December 28, 2009

New online virus threat comes via banner ads





Cologne, Germany - Recently, criminals managed to place a doctored banner ad carrying a virus on the homepage of the New York Times, a mainstay of American journalism.

The fact they could do so is bad enough. Worse: it's not an isolated case. It's becoming more and more common for unsuspecting computer users to accidentally pull Trojan horses and other damaging programmes onto their computer via these ads.

"They're becoming more popular," says Frank Felzmann of the German Federal Office forInformation Security (BSI). The first wave of these new viruses came to light at the start of 2008, says Christiane Ruetten of c't, a Germancomputer magazine. Since then, a variety of attacks like the one on the New York Times have been recorded.

Like any standard virus attack, the goal is usually malicious. Sometimes it's to bring as many computers as possible under the control of someone with a botnet network for distributing spam. Others are looking to steal a little money from the owners of the hijacked machines, perhaps by smuggling in a programme to steal information about online banking.

And how are they doing this? Usually they lodge their programme into the source code of a banner ad put up by a law-abiding company by accessing its flash data.

"It's packaged with a script that means that all a user has to do it look at the website to get routed to a malicious site," explains Candid Wueest of Symantec, a producer of security software. Like an online version of a drive-by shooting, a Trojan is introduced into the system that easily.

Other viruses have to coerce users into actually clicking on the banner, which means they get a warning telling them their computer is infected with "this or that number of dangerous programmes," says Felzmann.

"Then, some advertising for a fee-based programme, so-called scare or rogue ware, pops up." In a best-case scenario, those programmes are useless. In a worst case scenario, the programme doesn't install helpful software, but instead a programme which goes on to download yet another Trojan.

What can a person do? The first step is developing a healthy mistrust of banner ads with unheard of products. Felzmann advises avoiding programmes with names like Antivirus-Doctor '09 or Removal Tool 2010, since they could be the work of swindlers.

"The manipulated banner ads I've seen had no connection to well-known products," said Ruetten.

Safety minded computer users won't just avoid dubious computer tools, but will take the more important step of protecting their computer.

"Even Mac users aren't 100 per cent secure," warns Frank Ackermann, an IT security expert with the industry association eco. That means keeping the operating system, software like Flash Player, the browser, the anti-virus programme and the firewall all up-to-date.

Additionally, even if it means having to click a few extra times or limiting the function of some websites, it's always advisable to switch off functions like ActiveX, JavaScript or Flash, says Ackermann, because all are standard targets for criminals.

Another option is to make sure a person's computer is set so ads can only activate upon the customer's request and only after the request is verified separately. (dpa)

No comments:

Post a Comment