Addressing vulnerabilities in the ad network chain

TechCrunch yesterday posted an article covering the growing concern over vulnerabilities in top ad servers and ad networks around the world. The current focus of these articles is the JS:Prontexi virus, first named by Avast!, a piece of harmful JavaScript code that acts as a channel for malware attacks. This virus can infect users even if they never click on the ad. According to CNET:

Found in ads delivered from those networks was JavaScript code that Avast dubbed “JS:Prontexi”, which Avast researcher Jiri Sejtko said is a Trojan in a script form that targets the Windows operating system.  It looks for vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime and Flash and launches fake antivirus warnings, Sejtko said.

Users don’t need to click on anything to get infected; a computer becomes infected after the ad is loaded by the browser, Avast said.

What we’re seeing now is more dangerous and damaging than in the past. The makers of this virus have compromised major ad networks and ad servers in recent weeks – including ZEDO.

We thought we’d take this time to present what we know and what we’re doing about it. We found – with the help of others in the online security community – a sample ZEDO tag that resulted in the JS:Prontexi virus infecting the test machine. We quickly checked for the presence of the advertiser tag across all our customers and found several instances. However, at the time of this check, all of those ads were expired or inactive, including the ad code we tested.

To state it another way: though we were able to locate a bad ad tag in our system, it and all other instances were already turned off and not running in ZEDO. Our security processes and systems, or our own diligent customers, had already located the problem and shut it down.

The ZEDO system automatically scans the contents of all uploaded ad code for anything suspicious, from suspicious Flash or JavaScript code to known suspicious domains. We have also started a whitelist-only model, and are allowing only tags from authorized ad networks to be uploaded into the ZEDO system.
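A minimal sketch of the two checks described above, an allowlist of serving hosts plus a scan of inline script, added here as an illustration; it is not ZEDO's code. The domains, the pattern list, the sample tag and all function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist standing in for the authorized ad networks' serving domains.
ALLOWED_DOMAINS = {"adnetwork-a.example", "cdn.adnetwork-b.example"}
# Calls often used to hide a second-stage load; a hit means "review", not "malicious".
SUSPICIOUS_JS = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write(?:ln)?)\s*\(")
URL_IN_SCRIPT = re.compile(r"https?://[^\s\"'<>)]+", re.I)
# Constructed sample tag: one allowlisted loader, one look-alike host, one obfuscated write.
SAMPLE_TAG = (
    '<script src="//cdn.adnetwork-b.example/show.js"></script>'
    '<iframe src="http://adnetwork-a.example.evil.test/frame"></iframe>'
    '<script>document.write(unescape("%3Cb%3Ead%3C/b%3E"));</script>'
)

def host_allowed(host):
    """True for an allowlisted domain or a real subdomain of one (label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

class TagScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls, self.script, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        self.urls += [v for k, v in attrs if k in ("src", "href", "data") and v]

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script.append(data)

def scan_ad_tag(markup):
    """Return a list of findings; an empty list means the tag passed both checks."""
    scanner = TagScanner()
    scanner.feed(markup)
    scanner.close()
    code = "".join(scanner.script)
    # urlsplit also resolves protocol-relative //host/path references.
    hosts = {urlsplit(u).hostname for u in scanner.urls + URL_IN_SCRIPT.findall(code)}
    findings = [f"host not on allowlist: {h}" for h in sorted(hosts - {None}) if not host_allowed(h)]
    findings += [f"inline script uses {c}" for c in sorted(set(SUSPICIOUS_JS.findall(code)))]
    return findings
```

`urlsplit` raises `ValueError` on some malformed hosts, so a caller should treat any exception from `scan_ad_tag` as a rejection of the upload. A static scan like this cannot see URLs assembled at run time, which is why the script-construct hits are routed to review rather than ignored.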

Unfortunately, this doesn’t protect ZEDO, or any other ad server, from future problems. Since we do accept all known ad servers and legitimate ad networks, we are exposed to any weakness in the internal security processes of those other systems. It is in the best interest of the entire industry to work together on this. Communities and alliances are forming between direct competitors; companies are joining hands and efforts, and sharing information quickly to catch and kill these problems.

Ad networks and publishers need to take more care now than ever to protect their relationships and, ultimately, end users. Ad networks must scrutinize their business relationships. In this economy, it can be tough for ad networks to walk away from a deal, and even tougher when things look good on the surface. Start to pick at the surface, though, and you may find fake companies, anonymous, international or recently registered domains, and more. We’ve seen and heard of companies falsely representing major, global ad agencies, and creative that mimics top Brand Advertisers.

We are doing everything we can to protect our customers and Internet users.  For more information on ZEDO’s Anti-Spyware policy and efforts, click here.

Summer Koide

VP, Product and Services
