Google and Microsoft were duped by attackers who tricked them into distributing malware to their users in the guise of bona fide software. The attackers took a page from the phisher's book: they posed as a bona fide provider and used a domain similar to that provider's domain.
Addshuffle is a legitimate company; the attackers registered a similar domain, Addshufffle.com, with three f's, and duped Google and Microsoft. This happened sometime in December of 2010. The banner ads tried a series of exploits: two for Internet Explorer, one for Java and four for Adobe Reader flaws, all of which have now been patched. All of these were designed to install malware called HDD Plus, a bogus disk diagnostic program. Along with warnings of forthcoming failures, it also says that trouble can be avoided by installing the complete version, which has to be bought.
Analysis found that the malware had been distributed using obfuscation techniques to cover up the exploitation. As a result, the malware was not caught. While the offenders have been hauled up, the activity still continues, and similar attempts will be made to distribute the malware.
Such phishing attacks have been used against end users with look-alike URLs, fooling them into treating content as coming from a trusted source when it does not. Both gatekeepers, at DoubleClick and MSN, fell for the same trick. The reach of these advertisements is broad, so users' exposure to the bad advertisements is evident. How many have been exposed to these bad ads is still being calculated.
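An added example, not part of the original article: a pre-approval check an ad network could run on a new advertiser's domain, flagging names that differ from an already trusted partner only by repeated letters (the three-f trick described above) or by a single edit. The trusted list (apart from addshuffle.com), the function names and the distance threshold are assumptions for illustration, and the input is assumed to be a bare registrable domain.

```python
import re

# Constructed allowlist: addshuffle.com is the partner named in the article,
# the other entry is a placeholder.
TRUSTED = {"addshuffle.com", "example-adpartner.com"}


def squeeze(name: str) -> str:
    """Collapse runs of a repeated character: 'shufffle' -> 'shufle'."""
    return re.sub(r"(.)\1+", r"\1", name)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_domain(candidate: str, trusted=TRUSTED, max_distance: int = 1):
    """Return (verdict, matched trusted domain or None) for a new domain."""
    cand = candidate.strip().lower().rstrip(".")
    if cand in trusted:
        return ("trusted", cand)
    for known in sorted(trusted):
        # Same name once repeated letters are collapsed (fff vs ff).
        if squeeze(cand) == squeeze(known):
            return ("lookalike", known)
        # One typo away from a trusted name (swapped or substituted character).
        if edit_distance(cand, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for d in ["addshuffle.com", "Addshufffle.com", "examp1e-adpartner.com", "unrelated.org"]:
        print(d, check_domain(d))
```

A "lookalike" verdict is a signal to hold the account for manual review rather than proof of abuse; "unknown" only means the name resembles nothing on the list.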
Besides exposing human error, the incident also shows that these attacks cause a network's automated procedures to malfunction. Even when the malware filtering detected the malware, it did nothing at all to prevent it.
This instance is not an isolated one. Similar trickery was committed earlier too, through the distribution of Vonage ads with drive-by malware. Many other networks similar to MSN and DoubleClick have been targeted and have reported attacks of a similar nature.
Mozilla is 5 times less likely than IE 9 to detect malware. This conclusion was reached when the malware was distributed to DoubleClick and MSN. On the whole, Chrome, Apple Safari and Opera 10 trailed behind and were less likely to detect the distribution of malware.
In any case, it is now possible to detect malware on a network. However, there need to be ways of preventing such malware from being distributed. Ultimately, being able to prevent malware matters more, since detection only comes after the fact. Prevention is better than cure: remedying takes more effort than adopting prevention.