Malicious 'Ransomware' Banner Ads Go Undetected - UPDATED
Dan Kaplan writes on SC Magazine US:
Security researchers believe a legitimate toolkit used to create Flash animation is also helping cybercriminals fashion malicious banner advertisements that scare users into believing their machines are infected with malware.More here.
Sandi Hardmeier, author of the Spyware Sucks blog, said Sunday that some malicious ads created using Fuse Kit are able to evade detection scans run by websites or third-party ad networks. She said Newsweek.com is the latest trusted website to unknowingly host a "malvertizement."
Simply visiting a page on the Newsweek site that contains the ad will cause a warning screen to appear that falsely tells users their machine is overrun by viruses. They are prompted to pay for and install a bogus anti-virus solution.
A Newsweek spokesperson could not be reached for comment.
UPDATE: 22:08 PDT, 18 August 2008: Alex Eckelberry points out that those who have pointed out the Fuse Kit may have pulled the trigger a bit prematurely. Having said that, while Fuse may not be the source of the maliciousness, it is indeed being used for that purpose by criminals who are -- at the moment -- unknown. -ferg