On mySimon: The North Face Mountain Sneakers for Men
BNET Business Network:
BNET
TechRepublic
ZDNet

February 10th, 2009

Fake Antivirus XP pops-up at Cleveland.com

Posted by Dancho Danchev @ 4:11 am

Categories: Anti Virus, Botnets, Malware, Passwords

Tags: Security, Malvertising, Rogue Security Software, Antivirus 2009, Cleveland, TACODA, Dancho Danchev

Have we reached the phrase when targeted advertising would equal evasive malware campaigns pushed through third-party ad networks, to a geolocated set of visitors only? Could be. During the weekend, rogue antivirus XP pop-ups were served to visitors of Cleveland.com, according to visitors’ complaints which I also managed to verify.

Investigating further reveals that the very same ad network that was used to serve similar Antivirus 2009 pop-ups at AllRecipes.com in November, appears to have been the one (tacoda.net) that cybercriminals once again used in Cleveland.com’s case.

With efficiency-centered ad networks in terms of allowing publishers faster access to their networks, every cybercriminal, no matter the ad network in question, can easily become a publisher - the basics of malvertising whose key advantage from the cybecriminal’s perspective remains the opportunity to target high trafficked web sites which aren’t susceptible to common exploitation tactics.

What ad networks should set as a priority is establishing a more transparent process about what measures — if any — have they undertaken to verify that the publisher’s sites aren’t disseminating malware or client-side exploits. For instance, plain simple cross-checking (for starters) of the rogue security software domains that appeared at Cleveland.com against Google’s Safebrowsing database, indicates that they’re already marked as harmful.

Dancho DanchevDancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.

Email Dancho Danchev

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 45 Talkback(s)
Silly
It has nothing to do with ZDNet or any other website. It's being served up by the ad servers. If you use a decent browser like Firefox and block the ads you won't see it anymore.... (Read the rest)
Posted by: AzuMao Posted on: 02/14/09 You are currently: a Guest | | Terms of Use
something needs to be done about antivirus 2009  Randalllind | 02/10/09
Lucky... and smart  Gis Bun | 02/10/09
Lucky... and smart????  Alan(UK) | 02/10/09
It does not matter.  Grayson Peddie | 02/10/09
It does not matter???  Alan(UK) | 02/10/09
Their trick...  svpaladin@... | 02/10/09
So basically  AzuMao | 02/11/09
Dose not matter what web browser you use  japrovo88 | 02/11/09
Okay  AzuMao | 02/11/09
Not realy  electro@... | 02/12/09
Alt-F4  AiR_GuNNeR | 02/12/09
thanks for Alt-F4  hizaleus | 02/12/09
It to can be usurpated  electro@... | 02/12/09
Don't need Alt+F4  AzuMao | 02/14/09
Antivirus 2009 complications  elt100 | 02/12/09
Zdnet sponsored by antivirus 2009?  Dekkerfan | 02/12/09
Silly  AzuMao | 02/14/09
RE: Fake Antivirus XP pops-up at Cleveland.com  arensteinmarc@... | 02/10/09
But but..  rpmyers1 | 02/10/09
Ummm.... No.  NStalnecker | 02/10/09
Right  rpmyers1 | 02/10/09
The solution  AzuMao | 02/11/09
Only going to well know sites is no guarantee of safety  hizaleus | 02/12/09
or not...  elt100 | 02/12/09
SamsClub.com is/was another site with the Ad  dwdanny | 02/10/09
My first step would of been to block the site.  Been_Done_Before | 02/10/09
You need to contact their ad vendor  AzuMao | 02/11/09
RE: Fake Antivirus XP pops-up at Cleveland.com  dbarr@... | 02/10/09
RE: Fake Antivirus XP pops-up at Cleveland.com  svpaladin@... | 02/10/09
RE: Fake Antivirus XP pops-up at Cleveland.com  crumbelton | 02/11/09
RE: Fake Antivirus XP pops-up at Cleveland.com  sysop-dr | 02/11/09
Sadly...  Wolfie2K3 | 02/11/09
hard to track them down ?  dcdavy | 02/11/09
Ya  AzuMao | 02/14/09
Great idea..  AzuMao | 02/11/09
RE: Fake Antivirus XP pops-up at Cleveland.com  vaughanm | 02/11/09
Their trick???  Alan(UK) | 02/11/09
ha ha  dcdavy | 02/11/09
not required to think  hizaleus | 02/12/09
There there  AzuMao | 02/14/09
RE: Fake Antivirus XP pops-up at Cleveland.com  eric@... | 02/11/09
Another Great Removal Tool  eric@... | 02/11/09
What a ridiculous pile of nonsense!!  Cayble | 02/11/09
Yes  AzuMao | 02/14/09
Antivirus 2009 popping up through unopened IE  hizaleus | 02/12/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here