Advertiser Sneaks Malware into Flash Ad

An underhanded advertiser trick that hit LiveJournal demonstrates a risk of accepting Flash ads -- they can pop up windows:

... the Flash ad contains code to open a popup that leads to a very different destination -- it's what I assume is an affiliate link that attempts to download and install ErrorSafe on your computer (link is to Symantec's description of it).

This, of course, would be totally against any ad company's guidelines. Masquerading as a banner ad, but discreetly opening a popup -- and not only that, but to what people consider malware -- is totally against any ad company's guidelines. So how did it get through?

Simple -- the ad actually contacts its website in the background, and the site returns a response code that tells it whether to display the popup or not - "popup=1". My guess is that returned "popup=0" while the ad company were testing the ad for conformance to guidelines, and then they turned it back on once it was out in the wild.


Rcade maybe you should try it. Anything that makes money is good

Add a Comment

All comments are moderated before publication. These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).