24/7 Real Media Servers Hacked - Served Trojans with Ads - Webmaster General forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

24/7 Real Media Servers Hacked - Served Trojans with Ads

"Wakeup Call" for Sites Offering Syndicated Ads

martinibuster

3:52 pm on Oct 22, 2007 (gmt 0)

ComputerWorld reports [computerworld.com] of Trojan infested ads being served by 24/7 Real Media. Since October 8th, hackers inserted an iframe into the ads served by 24/7 and distributed trojans via the ad network servers. It's not known how widespread the attack is.

Andrew Storms, director of security operations at nCircle Network Security Inc. "So much of the content we consume today comes from many syndication services," Storms said in an e-mail interview. "We trust that the content provided to us by Internet 'blue chips' is safe from malware.
"This should be a wakeup call for sites which offer syndicated content," Storms said. "They need to take a more active role in ensuring the security of [that] content."

civgroup

4:35 pm on Oct 22, 2007 (gmt 0)

"They need to take a more active role in ensuring the security of [that] content."

And how might we do that?

carguy84

4:58 pm on Oct 22, 2007 (gmt 0)

Well the easiest way would be to shut down their website and stop the development of the Real player.

I'd be more than happy with that gone :)

inbound

5:01 pm on Oct 22, 2007 (gmt 0)

Wow, that's serious. 24/7 has a huge reach (121 Million uniques a month and possibly running for 2 weeks), coupled with the number of vulnerable systems out there means a lot of people will have been infected.

WPP (a large advertising company with deep pockets) now own 24/7. It'll be interesting, as they are a third party which most disclaimers will not cover (in terms of limiting liability from use of a site), to see if this turns into more than just a bad PR day.

draggar

5:15 pm on Oct 22, 2007 (gmt 0)

I don't think this is too uncommon especially with lower-end advertising companies. I play an online game that has ads and for years I have caught their ads trying to install malware onto my PC.

I've reported it but they've never done anything about it. I've even shown them that they can make a lot more with more honest ads considering they have over 40,000 active players each who log on several times a day, but they never listen (or even respond). I've even sent them screenshots of the infected programs (and other needed software) and they still don't listen. On their official forum there is a running thread of what malware gets put on the PCs (or at least attempted to) and from where.

frontpage

11:02 pm on Oct 22, 2007 (gmt 0)

Thank god for the AdBlock extension in Firefox. Don't have to worry about 24/7 trojans.

growingdigital

4:48 am on Oct 23, 2007 (gmt 0)

Kaspersky caught it. Thought it was strange at first, but makes more sense after reading this post.