> is this really news? Actually it is news. While DT has not always been viewed as the shining light on the hill in terms of its practices, it's rare to see them near in this kind of stuff.
We have a call with them tomorrow to try and understand exactly what happened. They claim complete innocence, but putting that aside, it did appear to be an accident. I'll hear them out to see exactly what their position is, and share it with the list if that's desired. As Dude VanWinkle mentioned, DT is quite ubiquitous. Avoiding them is pretty hard. > let's also not forget that ad's themselves are viral in nature. Well, ok, but the idea is that something like the malwarealarm ad running is more than just a little duplicity on the part of a marketer... Example: hxxp://scanner2(dot)malware-scan(dot)com/9_swp/scan.php That's what was being served. Incidentally, Larry Seltzer gets the credit for having found this in the wild. Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of silky Sent: Monday, November 12, 2007 9:12 PM To: Dude VanWinkle Cc: [email protected] Subject: Re: [funsec] Some Ad Networks Are Bad News is this really news? story @ 11: you are only secure as your weakest link. orly? let's also not forget that ad's themselves are viral in nature. tricking us into trusting the products they promote so that they can exploit our wallets ... On 11/13/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > On Nov 12, 2007 7:53 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Nice article, Larry. :-) > > > > Via eWeek. > > > > [snip] > > > > You wouldn't go surfing to just any site. You're careful about where > > you go. You only go to sites you trust. > > > > But who are you trusting? A series of recent attacks has resulted in > > seemingly respectable news sites serving malware and redirecting > > users to sites that serve malware. > > > > The problem is in the ads on those news sites. The ads are served by > > advertising networks that weren't careful enough with their own security. > > When you trust a Web site you have to trust everyone it's in bed with. > > > > [snip] > > > > More: > > http://www.eweek.com/article2/0,1759,2215305,00.asp > > > > Also, here's an accompanying article by Lisa Vaas on DoubleClick > > serving up malware ads: > > > > http://www.eweek.com/article2/0,1759,2215635,00.asp > > hmm, doubleclick serving up malware ads.. funny that this is the link > on the ziffdavis atricle :-) > http://ad.doubleclick.net/click;h=v8/3609/0/0/%2a/q;137016197;0-0;0;84 > 02494;3030-160/90;22613468/22631351/2;;~okv=;pos=top;zdid=a219243;zdty > pe=commentary;zdaudience=creativeprofessional;pagetype=article2;zdtopi > c1=securityopinions;tile=2;sz=160x90;~sscs=%3fhttp://clk.atdmt.com/MRT > /go/zffdvity0180000043mrt/direct/01/ > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > -- mike http://lets.coozi.com.au/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
