Ads on Facebook serving up adware

By

An apparent adware distributor is placing ads that download adware and spyware on to the unpatched Windows computers of those visiting the popular Facebook website.

Ads on Facebook serving up adware
Roger Thompson, chief technical officer of Exploit Prevention Labs, revealed the exploit in a blog posting. He noted that he "was reading a friend's FaceBook blog when Internet Explorer displayed a message noting that a webpage was trying to start RDS (Remote Data Services) services, and would I allow it.

"I clicked 'No,' then thought, 'Hang on . . . it shouldn't have been starting RDS!' So I started a goat machine, retraced my steps, and about a minute later . . . blam . . . programs dropped and executed on my machine."

After rebooting the unpatched PC, he discovered when he started "IE and went to my home page, I got extra copies of the browser starting and ads being served." A check of whois, he said, revealed the adware was coming from a "prominitions" website, which was downloading adware and spyware to vulnerable machines.

But "it's not clear who owns it," Thompson said. "Its ownership is hidden by one of anonymizing Internet registrars.

"You'd normally expect to see this sort of stuff if visiting websites of ill repute, such as pornographic websites," Thompson said. "You wouldn't expect to see them on something innocent" such as Facebook.

Windows PCs of users who have not installed Microsoft patches MS06-140 and MS-06-142 from September 2006 are vulnerable to the exploit, according to Thompson. Those patches cleared up a variety of remote data services exploits, he explained.

"Anybody who is patched is perfectly safe," Thompson said. He added, however, that many organisations do not "patch automatically because they tend to have homegrown applications" that conflict with some of the patches.

In these situations, "People checking their Facebook pages at work could easily get adware on their PC.

"The issue is the web is the emerging battleground," Thompson said. "People need to be aware that others are trying to get into their computer that way. The underlying message: Make sure you're automatically patching your computer, and it's a good idea to install something like anti-exploit software."

"The ad in question violated Facebook's ad guidelines and was removed from the site," a Facebook spokesman said. "Facebook is also working closely with the international ad network that served the ad to ensure that future ads meet its strict guidelines for appropriate and safe advertising."

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
adwarefacebookonsecurityservingup

Sponsored Whitepapers

Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
See everything. Do more.
See everything. Do more.

Events

Most Read Articles

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?