Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

USATODAY.com Malicious Flash Banner Ad

Date:04.08.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ has received reports of a malicious Flash banner ad on USATODAY.com, a prominent news web site. The banner ad leads to the download of various spyware and ransomware, appearing as legit anti-virus scanners to the uninitiated.

Screenshot of banner ad from USATODAY:

Without any user interaction, the banner ad causes the browser to be minimized to the bottom right-most corner of the desktop, behind a fake warning popup dialog box. In the screenshot below, we clicked “cancel”.

Even prior to clicking “cancel”, we noticed that the desktop is already receiving data from the verified malicious host--all of this without any user interaction.

Clicking “cancel” still takes the visitor to a fake malware scanner site, which despite the subsequent of clicking “no” or “cancel” to all the popup dialog boxes, leads to a “free” fake scan, which then results in a fake anti-virus scan result page.

The machine we used in our tests were 100% free from malicious code, yet the fake page claimed 12 infections. O RLLY?

It then offers the usual malicious “solution” for download.

Websense security customers are protected from this attack.

More details about this malicious binary from Microsoft:

http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fRenos