/>
X

How ads on legitimate web sites can lead to malware and unwanted software

One of the great myths of security is that if your PC is infected with malware it’s your own fault. You shouldn’t have been searching for porn, downloading pirated software, or snagging bootleg DVDs from BitTorrent.But that's no longer true. These days, even ads on a legitimate web page can lead to unwanted, potentially malicious software. Here's an example.
6256636.png
1 of 6 Ed Bott/ZDNet

This ad appeared at the bottom of a post on a lightly trafficked but legitimate blog. Notice the animated graphic and yellow bar, both designed to mimic the appearance of similar “missing plugin” messages from browsers. The ad was served by a third-tier ad network, AdBrite.

For more details, see "Social engineering in action: how web ads can lead to malware."

6256637.png
2 of 6 Ed Bott/ZDNet

Clicking the ad takes you to a page that uses more social engineering to simulate the experience you might have trying to play a video file in your browser. The spinning wheel next to the word “Buffering” suggests that the page is trying to download a video but is being stopped somehow.

Although this screen was captured in Google Chrome, the experience is identical in other browsers, including Internet Explorer.

For more details, see "Social engineering in action: how web ads can lead to malware."

6256638.png
3 of 6 Ed Bott/ZDNet

If you run the unsigned download, this installer starts up. It certainly looks like the real thing, and it even offers a choice of Express or Custom installations.

It actually does install a version of the Xvid codec, but it also includes a few unwanted extras...

For more details, see "Social engineering in action: how web ads can lead to malware."

6256639.png
4 of 6 Ed Bott/ZDNet

In addition to the codec, this installer slips in a few extras. Without your consent, it installs extensions for any browser you have installed, as well as a copy of Real Player.

<

For more details, see "Social engineering in action: how web ads can lead to malware."

6256640.png
5 of 6 Ed Bott/ZDNet

These three extensions are added to Firefox automatically; similar extensions are added to Chrome and Internet Explorer. What do they do? Where do they come from? Who knows?

For more details, see "Social engineering in action: how web ads can lead to malware."

6256641.png
6 of 6 Ed Bott/ZDNet

After the installation is complete, are there any additional clues about what you've just installed? Not really.

Here’s what you’ll see in Control Panel. Note the complete absence of a publisher name for the “enhancements.” And look along the bottom of the window: where you should see help and support links, there’s nothing.

For more details, see "Social engineering in action: how web ads can lead to malware."

Related Galleries

Linux turns 30: The biggest events in its history so far
05-debian.jpg

Related Galleries

Linux turns 30: The biggest events in its history so far

31 Photos
Say hello to the early days of web browsers
netscape-shutterstock-189041855.jpg

Related Galleries

Say hello to the early days of web browsers

9 Photos
Parallels Toolbox 5.0 for Windows and Mac, in pictures
Mac Dashboard

Related Galleries

Parallels Toolbox 5.0 for Windows and Mac, in pictures

12 Photos
Parallels Toolbox 4.5 for PCs, M1 and Intel Macs
Parallels Toolbox

Related Galleries

Parallels Toolbox 4.5 for PCs, M1 and Intel Macs

39 Photos
Parallels Toolbox 4 for Windows and Mac
parallels-toolbox-show-desktop-macos-screenshot

Related Galleries

Parallels Toolbox 4 for Windows and Mac

10 Photos
How to perform a clean install of Windows 10: Here's a step-by-step checklist
00-before-you-start.jpg

Related Galleries

How to perform a clean install of Windows 10: Here's a step-by-step checklist

17 Photos
Linux survival guide: These 21 applications let you move easily between Linux and Windows
apps-for-linux-and-windows.jpg

Related Galleries

Linux survival guide: These 21 applications let you move easily between Linux and Windows

22 Photos