According to security experts who have been tracking the sudden surge of badvertising, which was still ongoing as of Nov. 14, ads from an RBN front company called AdTraff and other RBN front organizations are using JavaScript and Flash in ingenious new ways, inserting SWF (Shockwave Flash Object) files into Flash animations that then spawn entirely different—and thoroughly malicious—ads from those depicted in the submitted Flash file.
Readers are seeing ads for porn, Viagra and bogus anti-spyware programs that keep popping into visitors' faces and just won't go away until the ads wear them down. They see them on well-reputed publishers' sites, on Google, on Yahoo—places where they don't think they'd have to watch their e-back.
The ads are maddening. Lots of people give up and wind up buying the application to get the annoying popups out of their faces. These files are in fact malicious code, and they are planting Trojans and other malware. More often than not, users who buy the anti-spyware will have their credit card information sold to thieves.
Code will be placed on their machines—not so much backdoors as blatant front doors, with the code receiving instructions from servers associated with the RBN. With the code in place, their systems are turned into zombies and their capacity sold on the black market.
The RBN operatives are going directly to both independent publishers—that's where ad networks like DoubleClick get involved, as those independents turn to the firm for ad hosting—and small advertising networks to purchase space for their shape-shifting badvertising.
The malicious ad creators are submitting creatives—that's advertising speak for ad content—that look perfectly fine at first blush. Except for nasty little SWF files tucked away in Flash files, that is. Often, the RBN operators are scraping ads off the site they're abusing and inserting the SWF into those. That way, a reader may complain about getting sent a malicious ad, but when he's asked what ad he saw before being sent to the bad one, it turns out to be a carbon copy of a legitimate ad, making it all the harder to track down the bad ad.
Both security researchers and online advertising managers are at a loss regarding how to stop the onslaught. A security researcher told eWEEK that beyond the lack of tools to check Flash ads and other creatives, one of the problems is that there's nowhere to go to stay informed of these types of situations.