Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have advised
firms to properly secure their user's web activity following the
discovery of poisoned adverts affecting high profile websites.
Sophos has confirmed reports that the website
of BBC competitor ITV has been the victim of a poisoned web advert
campaign, designed to deliver scareware to Windows and Mac users. A
the website of The Radio Times, Britain's leading TV listing
magazine, confirms that a similar offending advert was removed from
their site yesterday.
Sophos experts discovered that a Macromedia Flash file, detected
as Troj/Gida-B, was
injected into traffic served up by ITV.com via third party
advertising agencies. Sophos has identified that the adverts are
designed to promote a program called Cleanator
(on Windows) or MacSweeper (on Apple
Macs). Both programs claim to detect "compromising files" on your
computer, and encourage users to purchase a full version of the
Users may see a pop-up message urging them to
download Cleanator or MacSweeper.
The programs claim to have found 'dangerous
files' and urge users to pay for a full version.
"TV viewers are accustomed to adverts getting in the way of what
they want to watch - they're probably not as used to adverts on
their favorite TV websites delivering unwanted code straight to
their desktops. The worrying thing is that it's quite likely that
it is not just these websites that are affected - other websites
could be carrying poisoned adverts," said Graham Cluley, senior
technology consultant at Sophos. "Companies who wish to protect
their users from visiting what they may consider to be perfectly
legitimate websites need to start scanning for malicious code at
the web gateway, just as they would at the email perimeter or on
the desktop. Sophos has seen an explosion in the use of the web to
spread malware, adware and spyware - and firms need to take
appropriate measures or risk having unauthorized code running on
their employee's computers."
"Websites often use third parties to serve up their advertising
for them. Website owners should ask the third party agencies they
use what procedures they have implemented to positively vett the
adverts that they deliver for malicious content or unsavory links,"
continued Cluley. "After all, it is the website that is going to
receive the angry complaints from their legions of users."
The people behind the adverts encourage Apple
Macintosh users to download a piece of scareware called
Last month Sophos published
its annual Security Threat Report, which detailed how criminals
are increasingly using the web to generate revenue and spread
malware. 6000 new webpages are detected by Sophos every day,
carrying malicious code - and there are increasing sightings of
online adverts being poisoned to direct browsers to dangerous
Simply click on the arrow above to stream the
podcast through your browser. Alternatively you can download
it to your MP3 player.
Sophos continues to recommend companies protect their desktops,
gateways and servers with automatically
updated protection against viruses, spyware, hackers, and
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.