Flash Ads Serving up Malware on Popular Sites

  • By Dian Schaffhauser
  • 02/07/08
Malicious Flash banner ads have been surfacing on major web sites including Expedia.com, Rhapsody.com, and MayoClinic.com in the last month, according to media reports. Users who click on the banners, which advertise a digital music service, a student dating service, and disk cleaning software, are redirected to Web sites that proceed to install malware on their PCs.

Sandi Hardmeier, who writes "Spyware Sucks," first reported the rogue ads in a blog entry Jan. 28, referencing a well known malicious domain hosting site, securehost.com. The trail was next picked up by Trend Micro, which reported that the banners had to have made their way into the advertising supply chain by ad networks.

RealNetworks, which produces Rhapsody.com, first learned of the ads  Jan. 20 and removed them four days later. The company declined to identify what supplier was feeding the ads.

In a post Feb. 5, Hardmeier adamantly stated that browsers are not responsible for the hijackings. She blamed Adobe and Macromedia, the owners and creators of Flash, for not implementing security measures such as the ability for users to turn off redirects in the product. "Flash has turned into the Typhoid Mary of the Internet," she wrote.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • row of students using computers in a library

    A Return to Openness: Apereo Examines Sustainability in Open Source

    Surprisingly, on many of our campuses, even the IT leadership responsible for the lion's share of technology deployments doesn't realize the extent to which the institution is dependent on open source. And that lack of awareness can be a threat to campuses.

  • abstract pattern of cybersecurity, ai and cloud imagery

    OpenAI Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • cloud icon with a padlock overlay set against a digital background featuring binary code and network nodes

    New Cloud Security Auditing Tool Utilizes AI to Validate Providers' Security Assessments

    The Cloud Security Alliance has announced a new artificial intelligence-powered system that automates the validation of cloud service providers' (CSPs) security assessments, aiming to improve transparency and trust across the cloud computing landscape.

  • geometric grid of colorful faculty silhouettes using laptops

    Top 3 Faculty Uses of Gen AI

    A new report from Anthropic provides insights into how higher education faculty are using generative AI, both in and out of the classroom.