CIOZone.com - Professional Network for CIOs and IT Professionals

In what appears to be an alarming trend, several more sites have been tricked by cybercriminals into running their advertisements for fake anti-virus software.

It’s difficult to know how often perpetrators of such “scareware” tactics have been able to get their ads on sites, but attention was drawn to the problem in September when the venerable New York Times admitted it had been tricked into running rogue ads on its site.

The Times posted a note to readers saying the perpetrators posed as the Internet telephone company Vonage and initially ran legitimate Vonage ads. But at some point over a weekend, the Vonage ads were switched for ads warning readers that their computers were infected by a virus. Some readers were then duped into downloading malware.

This week two more sites appear to have fallen victim to the same type of scam. Popular tech site Gizmodo issued an apology saying it had been tricked into running malicious ads purporting to be from Suzuki. “They somehow fooled our ad sales team through an elaborate scam,” the site’s editor stated. “It’s taken care of now, and only a few people should have been affected, but this isn’t something we take lightly as writers, editors and tech geeks.”

And in a blog on the Silicon Alley Insider, former technology investment guru Henry Blodget details how Gawker Media, a celebrity gossip Web site, was tricked into running similar ads from Suzuki. In the blog, Gawker shares the warning it sent out to its sales team.

It says the scammers are approaching publishers as representatives of Spark-SMG on the Suzuki account, even though Suzuki very recently switched agencies. The scammers have intimate knowledge of online ad sales, including using industry terms like eCPM, roadblocking IAB sizes, and lead generation. They maintain a Chicago area code (where Spark is based), but claim to be in London, and unlike most spammers, they were happy to answer the phone.

It’s disturbing that the methods used by the rogue advertisers have been so successful at tricking some very respected media brands. That not only damages the reputations of those brands, but places their readers –who have a built-in level of trust – at risk.

Comments (2)

	1. 10-28-2009 09:14
	At a previous position in which I did Online Advertising Operations, something similar to this happened to me: a third-party ad network partner was fooled by scammers pretending to represent FedEx into running what appeared to be genuine FedEx ads. Then late on a Friday night, the scammers altered the "FedEx" ad code code to also include a fake system message pop-up which installed malware if you clicked on it.    The scammers managed to be partially successful because this ran over the weekend, when most sites didn't have their online advertising people available. I managed to figure out the problem after an hour of head scratching on Saturday morning; it was difficult to troubleshoot because it was easy to assume that "FedEx" was legit.    There are many reasons why such a scam is possible and why I'm not surprised Gawker/NYT/Gizmodo were fooled: first of all, most of the time online advertising for giant corporations is purchased on behalf of an agency, not from the corporation directly. So it is very believable to be approached with something like, "Hi, this is Joe Smith from Creative Factory, we are doing a campaign for Suzuki and would like to buy ads." That would not be an uncommon situation.    Furthermore, online advertising usually isn't paid for up front. So it's not like Gawker got a fake check from "Suzuki", they just ran the ads in good faith that they'd be paid later, upon completion of the campaign.    And advertising code is often third-party served; the sites that run the advertising don't really have control over what displays in the ad code they are given after they have initially implemented it. The reasons for this are numerous, but -- for example -- this is done so the client/advertiser can rotate in new creative into their campaigns at any time. Unfortunately, this freedom is also what allowed the scammers to insert the malware serving code.    I think it is very likely that other small-to-mid-sized sites will be fooled by similar scams/tactics in the future. Registered

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

	2. 10-28-2009 13:24
	It's interesting to note that the New York Times malware ads also ran over the weekend. I think you're right Kevin that they pull the switch when the advertising people aren't likely to be around. Registered

Mel Duvall

Only registered users can write comments.
Please login or register.