Mal-Ads on the Rise Again

December 29th, 2009 | Author: Debbie Mahler

Over the past several days, I’ve received phone calls and requests for assistance because of some new mal-ads pushing yet another drive-by download.

Based on the discussion with one of these callers and their cry for help, I was able to get at some of the underlying script which was a PHP redirect.

Now for those of you who are unfamiliar with what that is, the simple explanation is that the page or ad being served up, has a code in it using PHP language (my WP blog is written in PHP language) that rotates what is displayed in the ad. I guess you could call it an ad rotation script.

What causes the problem is that when the rotation script calls up an ad that actually redirects you to a file that downloads into your temporary Internet files and launches a pop-up or pop-under page. Once you click the pop-up/pop-under page, you’ve launched the malware.

I described in a previous post: How To Stop The New Malware, the steps to take to stop this from happening. But like anything else security related, no one listens until they are infected!

So let me remind you one more time! First, go to this post and change your settings according to the browser you are using. (It covers IE and Firefox. If you want Safari and Chrome settings, leave a comment and I’ll post those too!)

Next, if the pop-up/pop-under appears, hold down the Control (CRTL) key, then the ALT key (hold it down too), and then the DEL (delete) key to bring up your Task Manager. Just do that once, because doing it twice will cause your machine to reboot!

Click to view Larger Image

When the Task Manager appears, click the Applications tab (if it’s not already on it) and click on the Internet Explorer or Firefox (whichever applies to your browser) and then click the End Task button on the bottom.

Note: You will lose your entire browsing session but it’s better to lose your browsing session then to get hit with this horrible malware right?

If you end task the way I described here, for now, the malware software will not be able to launch.

The biggest offender is still the FAKEAV (fake AV) malware, this includes the Antivirus 2009 malware. Trend Micro reports the loss to victims in an article: Rogue AV Scams Result in US$150M in Losses

That being said, I have a theory why this is on the rise again. I tweeted an article today about the increase in online sales over the holiday season. Specifically, Online Shopping Breaks Records at InformationWeek.

The article says that,

“November marks the official start of the holiday shopping season as millions of Americans search for gifts and deals both online and in stores,” said Jack Flanagan, executive VP of comScore Media Metrix, in a statement. “With nearly 4 out of 5 Americans online visiting a retail site during November, the Internet clearly represents an increasingly important channel for retailers during the holiday season and beyond.”

Now, we’ve discussed in the past the online shadow economy and how they benefit from this malware. Now, add to that the fact that more and more Americans are shopping online and you have a hackers and identity thief’s heaven!

Is it any wonder there’s an increase in the number of mal-ads being pushed through the ad servers?