Welcome to WebmasterWorld Guest from 54.242.53.253

Forum Moderators: phranque

Message Too Old, No Replies

24/7 Real Media Servers Hacked - Served Trojans with Ads

"Wakeup Call" for Sites Offering Syndicated Ads

     
3:52 pm on Oct 22, 2007 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14218
votes: 226


ComputerWorld reports [computerworld.com] of Trojan infested ads being served by 24/7 Real Media. Since October 8th, hackers inserted an iframe into the ads served by 24/7 and distributed trojans via the ad network servers. It's not known how widespread the attack is.

Andrew Storms, director of security operations at nCircle Network Security Inc. "So much of the content we consume today comes from many syndication services," Storms said in an e-mail interview. "We trust that the content provided to us by Internet 'blue chips' is safe from malware.

"This should be a wakeup call for sites which offer syndicated content," Storms said. "They need to take a more active role in ensuring the security of [that] content."

4:35 pm on Oct 22, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 20, 2007
posts: 63
votes: 0


"They need to take a more active role in ensuring the security of [that] content."

And how might we do that?

4:58 pm on Oct 22, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2005
posts:1077
votes: 0


Well the easiest way would be to shut down their website and stop the development of the Real player.

I'd be more than happy with that gone :)

5:01 pm on Oct 22, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 9, 2004
posts:1435
votes: 0


Wow, that's serious. 24/7 has a huge reach (121 Million uniques a month and possibly running for 2 weeks), coupled with the number of vulnerable systems out there means a lot of people will have been infected.

WPP (a large advertising company with deep pockets) now own 24/7. It'll be interesting, as they are a third party which most disclaimers will not cover (in terms of limiting liability from use of a site), to see if this turns into more than just a bad PR day.

5:15 pm on Oct 22, 2007 (gmt 0)

Full Member

5+ Year Member

joined:Feb 27, 2007
posts:255
votes: 0


I don't think this is too uncommon especially with lower-end advertising companies. I play an online game that has ads and for years I have caught their ads trying to install malware onto my PC.

I've reported it but they've never done anything about it. I've even shown them that they can make a lot more with more honest ads considering they have over 40,000 active players each who log on several times a day, but they never listen (or even respond). I've even sent them screenshots of the infected programs (and other needed software) and they still don't listen. On their official forum there is a running thread of what malware gets put on the PCs (or at least attempted to) and from where.

11:02 pm on Oct 22, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 23, 2002
posts:659
votes: 0


Thank god for the AdBlock extension in Firefox. Don't have to worry about 24/7 trojans.
4:48 am on Oct 23, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 28, 2004
posts:351
votes: 0


Kaspersky caught it. Thought it was strange at first, but makes more sense after reading this post.