Thursday, February 26, 2009

Google, DoubleClick and Akamai hosting malware

I received word yesterday via various sources that Google and DoubleClick are serving malware via ads.

Here's
the Google diagnostic page for DoubleClick.net:
Of the 230717 pages we tested on the site over the past 90 days, 24 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-25, and the last time suspicious content was found on this site was on 2009-02-24.

Malicious software includes 25 scripting exploit(s), 13 trojan(s), 8 adware(s). Successful infection resulted in an average of 9 new processes on the target machine.

Malicious software is hosted on 7 domain(s), including auctlva.com/, advancedantivirusproscan.com/, liteantivirusproscan.com/.

3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fitnessfactory.com/, me9x.cn/, www-union.com/.

This site was hosted on 22 network(s) including AS15169 (GOOGLE), AS6432 (DOUBLELCICK), AS20940 (AKAMAI).

Maybe it's time to block all ads in our environments.

2 Comments:

Blogger Michael said...

You really cant trust anything on the other side of your firewall. I am committed to blocking ads as much as I can but it's really just whack-a-mole, for every one you block there are ten more new sources worming their way into your network. I'd love to just go to a whitelist method of blocking, but the bosses get up in arms when they cruise the internet on their lunch breaks (yeah, it only happens on lunch breaks....nudge-nudge, wink-wink).

10:55 PM  
Blogger mobang said...

The perfect solution: Little Snitch. Intercepts all outgoing calls and waits for you to allow or block them. Point your browsers thusly: http://www.obdev.at/products/littlesnitch/index.html

Surely there must be something similar for Windows.

6:02 PM  

Post a Comment

<< Home