Sneaky New Virus Spreads via Ads

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Hackers infiltrated popular tech business site yesterday using Google's DoubleClick banner ads as a vehicle. Websense caught the malicious coding and published its results, which spurred eWeek to scour its code and remove all phony advertisements.

The pest, named Anti-Virus-1, is complicated and smart. The advertisements are for antivirus software, and when a user clicked on them, the ads redirect to a pornography Website through a series of iframes. Then a PDF pops up loaded with evil code, exploiting a weakness currently festering in the Adobe systems; or the file index.php redirects to the rogue ad server. The server places a file named "winratit.exe" into the user's temporary files folder and stays there without any user interaction.

If the user tries to cleanse the computer by visiting any of several popular software downloading sites, the hack has a twist of the blade waiting: the host file is modified to redirect to even more malicious Websites offering further rogue downloads.

eWeek may not be the first popular Website to be attacked. "Given DoubleClick's tremendous reach, it's possible the rogue ads have shown up on Websites other than eWeek," Websense Vice President of Security Research Dan Hubbard told The Register.

As always, exercise caution when following advertisements.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon