Monday, June 15, 2009

careful when you click

The Wall Street Journal reports that the complex interaction between businesses and their online ad sales deals leave websites open to hackers. The British entertainment website Digital Sky was reportedly hacked as one of its banner ads loaded malicious spyware onto users' computers. Because the viruses are loaded directly in the ad, just clicking on them is enough to infect a computer.

One of the reasons why this is happening is because companies are outsourcing their ad-sales to third-party ad dealers, opening them up to the possibility of ads that aren't legit. Other hackers place their ads directly onto sites, masked as other companies: for instance, EWeek.com displayed an ad on its homepage that looked to be a banner for the clothing company LaCoste. But LaCoste hadn't placed an ad; instead, it was a hacker whose ad directed clickers to a website where harmful spyware would be downloaded.

Some anti-virus program makers are now taking steps to minimize these kinds of attacks. Kaspersky Anti-Virus, for example, is now blocking advertisements from prominent advertising network Doubleclick, on the premise that Double-Click sometimes displays phishing ads. Now instead of the ad, readers get this warning:


Viruses spread through web ads are nothing new; in fact the WSJ reported this same story two years ago. It's worth considering that the inability of websites to guarantee secure advertising may inhibit the growth of web ad sales. Without trust in security, how will people click comfortably?

No comments: