Poisoned adverts lead to PC and Mac scareware

IT security and control firm Sophos is advising firms to properly secure their users’ web activity following the discovery of a poisoned web advert campaign on ITV.com.  The campaign was designed to deliver ‘scareware’ – malicious code which appears to be a legitimate computer security warning – to Windows and Mac users.  A posting on the website of The Radio Times, Britain’s leading TV listing magazine, confirms that a similar offending advert was removed from its site yesterday.

Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, discovered that ads, which were provided to ITV.com by a third party agency, contained a Macromedia Flash file, detected as Troj/Gida-B.  These adverts were designed to dupe visitors into downloading a program called Cleanator (on Windows) or MacSweeper (on Apple Macs).  Both programs claim to detect “compromising files” on your computer, but in reality install malicious Trojan horses.

Graham Cluley, senior technology consultant at Sophos commented the issue:

TV viewers are accustomed to adverts getting in the way of what they want to watch – they’re probably not as used to adverts on their favourite TV websites delivering unwanted code straight to their desktops.  Worryingly, it’s quite likely that it is not just these websites that are affected – other websites could also be carrying poisoned adverts. Our own research has found that 83 percent of infected webpages are hosted on completely legitimate websites.  The challenge for companies is how to stop employees becoming infected when they’re innocently surfing the web.  The key is to scan for malicious code on every website – just like they scan every email.