Fighting malware and spam

Pushy scamware ads served by DoubleClick

Advertising network provided ads for rogue security product.

Online advertising system DoubleClick, part of an ongoing acquisition attempt by Google, has allowed a wave of extortion trojans to be pushed out via its ad network, appearing on numerous trusted websites for some time before being stopped earlier this week.

The scamware, a version the of WinFixer rogue security product which harasses victims into purchasing a system cleaner product with repeated warnings of serious issues with their computer, was part of a range of inappropriate advertising pushed into DoubleClick's ubiquitous output by German-based ad firm AdTraff.com, linked by researchers at Sunbelt to a notorious scamming organisation.

DoubleClick claims to have implemented a range of policies to prevent malware from infiltrating its ads, but scamware presents a legal minefield as it often avoids illicit infiltration of the system, instead relying on social engineering to coerce victims into parting with cash for unnecessary and unhelpful software.

A detailed investigation into the incident, including comment from several Sunbelt experts involved in tracking the scam and the scammers, is in eWeek here.

14 November 2007

Tags: advertising, scamware, sunbelt, winfixer.