Malware authors play Mario on Daily Mail website
An advertising network used by the Daily Mail website is being used to serve up malware.
We passed on a reader tip about a possible infection on DailyMail.co.uk to anti-virus firm Sophos, which confirmed that a strain of the Mario family of worms was being offered by an Israeli advertising network used by the Daily Mail.
The tainted ads are the work of malicious hackers who somehow succeeded in injecting redirection scripts into the ad network.
Code injected into an advertising stream is been used to serve up content for a malware-harbouring website located in Russia (which we won't name in case people are tempted to visit it). This site uses vulnerabilities in browser software to download malicious code onto unpatched Windows PCs, a classic drive-by-download attack.
Analysis of the attack is ongoing and it's not clear what other sites, who also use eyeblaster, the affected ad serving network, might be affected.
We emailed the Daily Mail's website techies, which bounced with a no-such-user error message, but followed up with a call. An advertising sales rep confirmed he'd being informed of the attack, because of the potential impact on ads being served via site. It's unclear how far Associated Newspaper technicians have gone in blocking the attack but at least we know they are on the case.
A similar ad network poisoning attacks affected ITV.com earlier this year. Graham Cluley, a senior technology consultant at Sophos, said that the onus was on ad-serving networks to check that their systems were offering up a clean feed.
"Websites shouldn't be expected to check all adverts they serve up, it's not practical. The third-party ad network is more responsible for checking advertising links," Cluley told El Reg.
"Until the Daily Mail is confident everything is clean they need to stop serving up ads through that network. It may be that they will choose not to use the network again."
"End users need to protect themselves against threats, however they arise," he added.
Malware authors play Mario on Daily Mail website ? The Register
An advertising network used by the Daily Mail website is being used to serve up malware.
We passed on a reader tip about a possible infection on DailyMail.co.uk to anti-virus firm Sophos, which confirmed that a strain of the Mario family of worms was being offered by an Israeli advertising network used by the Daily Mail.
The tainted ads are the work of malicious hackers who somehow succeeded in injecting redirection scripts into the ad network.
Code injected into an advertising stream is been used to serve up content for a malware-harbouring website located in Russia (which we won't name in case people are tempted to visit it). This site uses vulnerabilities in browser software to download malicious code onto unpatched Windows PCs, a classic drive-by-download attack.
Analysis of the attack is ongoing and it's not clear what other sites, who also use eyeblaster, the affected ad serving network, might be affected.
We emailed the Daily Mail's website techies, which bounced with a no-such-user error message, but followed up with a call. An advertising sales rep confirmed he'd being informed of the attack, because of the potential impact on ads being served via site. It's unclear how far Associated Newspaper technicians have gone in blocking the attack but at least we know they are on the case.
A similar ad network poisoning attacks affected ITV.com earlier this year. Graham Cluley, a senior technology consultant at Sophos, said that the onus was on ad-serving networks to check that their systems were offering up a clean feed.
"Websites shouldn't be expected to check all adverts they serve up, it's not practical. The third-party ad network is more responsible for checking advertising links," Cluley told El Reg.
"Until the Daily Mail is confident everything is clean they need to stop serving up ads through that network. It may be that they will choose not to use the network again."
"End users need to protect themselves against threats, however they arise," he added.
Malware authors play Mario on Daily Mail website ? The Register
