Advertising Poisons Major British Media Site
Any time that a site loads external content in their main pages there is a risk of something going wrong. Probably the worst thing that could go wrong is some of this content attempting to take control over the systems belonging to site visitors. This is a risk that has been covered here before, but it is something that is alarming and most likely completely unexpected to the site operator when it does happen.
One such incident recently took place on the main site for British media firm ITV. According to Sophos, advertising placed on the site was being used to push 'scareware' to end users, sniffing out the Operating System a visitor was using, and serving the appropriate scareware ad to each visitor. ITV wasn't the only British media firm affected, with Radio Times (a TV listing magazine) also affected. Other sites are considered likely to have been affected by the injected malware.
Incidents such as this highlight the risks that even 'safe' websites can pose to end users. Advice such as whitelisting safe sites in a 'Scripting only' zone (either through IE's trusted zone, or through the use of an extension like NoScript on Firefox) can now be considered out of date and likely to harm end users.
What should users be advised to do now? Telling them to disable scripting completely may be somewhat safe (ignoring the research that is going into hacking via CSS), but it effectively disables much of the Internet, including online shopping sites, online banking, and many sports and news sites. Perhaps the best thing would be to have browsers that can run happily inside a sandbox, reducing the threat of automated exploitation, and for that to be the default operating configuration direct from the browser developer.
24 February 2008
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.