Popular Gadget Blog Gizmodo Victimized by Malvertising Scam
Computer users are being warned of adverts found on Gizmodo, a popular gadget blog, which are laced with malware.
It was not too long ago that we reported that malware-bearing ads were appearing on large popular sites such as Lyrics.com, Drudgereport.com and even Horoscope.com. Now it seems these malicious advertisements have reached across a great deal of reputable web sites.
Hackers are busy flooding advertisement networks with malevolent ads that lead computer users to the download and installation of fake security software. In the recent case of Gizmodo's advertising team, they were basically tricked into accepting what they believed to be Suzuki advertisements but they did not know the source would be that from a group of hackers.
Gizmodo, like other popular websites that have been hit with malvertising in the past, is a large site that reaches millions of visitors every day. With hackers running a malvertising campaign on such a large site, it could reach thousands of computer users in a matter of a few hours of displaying malicious advertisements. Graham Cluley, Sophos' senior technology consultant, said that "By hitting one of the biggest blogs in the world, these hackers are aiming high. Their plan was to infect as many computer users as possible with their malicious adverts. They know Gizmodo gets a huge amount of traffic - once they infected the site through their adverts they could just lie in wait for their victims to visit." He then adds, "What is particularly audacious about this plot is that the criminals appear to have posed as legitimate representatives of Suzuki in order to plant their dangerous code on Gizmodo's popular website."
From our recent observation, we believe that malicious advertisements will continue to be a way for attackers to spread malicious security applications for a quick payday. By attacking one of the largest blogs, Gizmodo gets over 3 million page views each day, hackers could literally sit back and let the money roll in from the sales of their malicious security applications that are spread through malicious ads on such a site.
Who can you blame, the webmasters for doing business with the fraudulent advertisers or the end users for not patching or updating their web browser? Either way, malicious adverts on large web sites is a serious problem that we can all play a part in being cautious of.
Consumers and webmasters are both advised to keep their computer security up-to-date in terms of software and quality control over their website. This recommendation is especially important for advertisements and the networks selected to display ads on any given web page that you manage. Hackers have been able to slip through the cracks to get malicious ads displayed on other high profile sites such as the New York Times. These instances usually happen when the hacker, or group of hackers, pretend to be a potential advertisement client from a well-known company.
How does a website end up with malicious ads?
Reasons as to how these incidents happen are mainly due to the fact that ad revenue runs large portion of the Internet and without it several large and small sites would cease to exist. Hackers are aware of this fact and rush to disguise themselves as legitimate companies seeking to promote ads on prominent sites. Then what happens is somewhere down the screening process of new advertisers the ad networks fail to recognize ad-based malware. This may have been the case of some of the most recent malvertising campaigns to appear on high profile sites such as the New York Times or Gizmodo. This is why it is in the best interests of ad networks to handle malvertising before it affects online advertising worldwide and legitimate advertisers and publishers are forced to terminate partnerships with certain ad networks because of the lack of anti-malware measures.