Google and Microsoft Ads Accidentally Spread Malware
In an attack that's as ingenious as it is widespread, spammers have co-opted the Internet's largest ad services, run by Google and Microsoft, to spread the HDD Plus malware. The spammers used the old standby of typo squatting to fool DoubleClick (Google) and MSN (Microsoft) into displaying banner advertisements that downloaded malware unto unsuspecting computers.
According to Ars Technica, the spammers launched their attacks from AdShufffle.com (three f's), a domain name that looks so much like AdShuffle.com (two f's -- and a legit advertising company) that the DoubleClick and MSN administrators didn't investigate when the hackers bought ad space.
AdShufffle banner ads then used holes in the security of Internet Explorer, Java and Adobe Reader to implant the HDD Plus program on anyone who happened upon the malicious ads. Since the malware was of the drive-by variety, visitors would download the malware even if they didn't click on the banners.
Typo squatting has always preyed on human weakness, but those tended to be weaknesses in uneducated computer users. By using this kind of attack to fool the web professionals at Google and Microsoft, these spammers have not only shown how old techniques can be repurposed for new attacks, but have left a trail of embarrassed computer experts from Mountain View to Richmond.