Shady ads target sports fans

Shady ads target sports fans

Publishers thrown curveball by rogue security banners

A group peddling rogue anti-virus software has duped several major sites into serving users with unwanted downloads.

Among the sites serving up the ads were Major League Baseball's site, the National Hockey League's, and the website for business magazine The Economist.

Security researcher Roger Thompson from Exploit Prevention Labs documented the ads, which have since been removed, in a video. The video shows the advertisements "hijacking" the browser to direct the user away from the original site and attempt to perform an unsolicited software download and installation.

The ads use what is known as a "scan and scare" tactic. The user is offered a free system scan which then returns fraudulent or misleading results in an attempt to scare the user into paying for the software. This technique is a favorite amongst so-called "rogue" security vendors who sell intentionally ineffective or malicious security software.

The ads were first believed to be coming from the Doubleclick network, though the company has since been cleared in the matter. Researchers say that the sites were contacted directly by the advertisers, who then managed the ads through Doubleclick's DART ad-serving system.

The malicious Flash files contain code which redirects traffic from the host, past Doubleclick's servers, and to a site which then tries to serve up the unwanted download.

In a statement, Doubleclick said that it was updating its system to track down and remove the malicious ads.

"Unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware," said the company.

"We are going to continue to take both proactive and, as necessary, reactive steps."

The company recommends that publishers carefully research prospective advertisers and keep a close eye on the behaviors of banner ads.

Doubleclick is hardly alone in the struggle to block out malicious and intrusive ads. Both ad vendors and researchers say that rogue security vendors often use solcalled bait and switch techniques to swap out normal ads with malicious files.

This has resulted in an ongoing cat-and-mouse game in which malware vendors are adopting new techniques to stay ahead of the screening systems used by the advertising networks.