Security software vendor Malwarebytes has revealed in a blog post that Google’s DoubleClick and Zedo have been delivering advertisements potentially capable of infecting users’ computers with malware.
In a blog post, Jerome Segura, a senior security researcher has cited The Times of Israel, The Jerusalem Post and the Last.fm as responsible for distributing the malicious software unaware, with the last one said to be the most recently attacked. Segura wrote, “We rarely see attacks on a large scale like this.”
Though investigation by the security vendor is on, indications are that The Times of Israel has already been alerted in an effort to contain the menace. A successful attack can result in the Zemot malware installing in the users’ computers and further encourage more downloads of malicious software, says Malwarebytes.
Advertisement networks generally prevent the distribution of malicious software actively to safeguard their reputation. This could pose a big problem in high-traffic sites as it could negatively affect the users. Websites serving such advertisements may not be aware of this factor, say experts.
Segura further wrote, “What is important to remember is that legitimate websites entangled in this malvertising chain are not infected,” and that it is the advertising agency that is squarely responsible for this.
