UPDATE: Whitepages online and Bigpond ads 'hijack' users

By on
UPDATE:  Whitepages online and Bigpond ads 'hijack' users

Whitepages online and Bigpond have been forced to remove banner ads purporting to be from Skyauction.com after a security professional discovered hackers had embedded malware on the ads which redirected users to unsolicited websites.

Sandi Hardmeier, security professional and Microsoft MVP raised the alarm Tuesday evening on her blog claiming a Flash advertisement displayed on the site contained malware that 'hijacks’ visitors from the website to a site touting (or alternatively, selling) MalwareAlarm.

“As soon as it [the Flash ads] appears on the site the page gets redirected to MalwareAlarm website, without any user interaction. It makes you think you have a virus on your system and then appears to search your system and detects viruses which don’t really exist,” she said. “Depending on the product, it then offers to clean your system for approximately US$20 - US$80.”

Bigpond, the White Pages and the Yellow Pages as well as several other Sensis sites were at risk but the threat has since been averted with Sensis pulling the offending ads, Hardmeier said.

According to Sensis, the company acted swiftly to remove the sabotaged banner advertisements that were running on popular Sensis sites such as yellow.com.au, whitepages.com.au, whereis.com, as well as Telstra's BigPond portal, effectively limiting the impact of the malicious program to visitors of Sensis’ and BigPond sites.

“As a leading online content and advertising business, we treat online security with the utmost importance,” said Sensis’ General Manager, MediaSmart, Anthony Saines.

“We apologise for any inconvenience this incident may have caused and assure our users we are absolutely committed to doing all we can to prevent this type of thing occurring again,” Saines said.

For people concerned they may have been exposed to any type of malicious code, Saines said the best advice was to run a scan of their computer files using an up-to-date anti-virus program.

Hardmeier anticipates infamous sites such as mysurvey4you, blessedads.com and prevedmarketing.com were behind the attacks.

“If you get redirected – don’t click on the page, if you try to close the browser a very real looking alert will appear telling you that the scan is not complete. Click the X mark and it will close the page,” she said. “I'll be happiest when those advertisements can no longer be accessed, even via direct URL.”

She added: "These particular ads are popping up all over the world with tvguide.com and the economist.com suffering major outbreak in recent weeks.”
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?