Flash Ads Serving up Malware on Popular Sites
- By Dian Schaffhauser
Malicious Flash banner ads have been surfacing on major web sites including Expedia.com
, and MayoClinic.com
in the last month, according to media reports. Users who click on the banners, which advertise a digital music service, a student dating service, and disk cleaning software, are redirected to Web sites that proceed to install malware on their PCs.
Sandi Hardmeier, who writes "Spyware Sucks," first reported the rogue ads in a blog entry Jan. 28
, referencing a well known malicious domain hosting site, securehost.com. The trail was next picked up by Trend Micro, which reported that the banners had to have made their way into the advertising supply chain by ad networks.
RealNetworks, which produces Rhapsody.com, first learned of the ads Jan. 20 and removed them four days later. The company declined to identify what supplier was feeding the ads.In a post Feb. 5
, Hardmeier adamantly stated that browsers are not responsible for the hijackings. She blamed Adobe and Macromedia, the owners and creators of Flash, for not implementing security measures such as the ability for users to turn off redirects in the product. "Flash has turned into the Typhoid Mary of the Internet," she wrote.
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at firstname.lastname@example.org or on Twitter @schaffhauser.