It appears that hackers have come up with a new way to attack websites such as eBay, and reports are widespread that sites such as Autotrader and even the London Stock Exchange have also been affected.
Rather than attack the sites directly, the hackers have attacked the banner ads displayed on these sites through advertising networks. The adverts attempted to redirect users through a number of links, eventually attempting to sell fake anti-virus software. Other than the banner adverts, no other parts of any of the affected sites were compromised.
This must now be a worry for any website which displays syndicated adverts that turn out to be compromised. Attacking third-party ad networks gives cyber criminals a much larger reach than attacking any individual network can, and until the sites were blocked by browser malware blacklists, users were reliant on their own anti-virus software to protect them.
What’s especially interesting is that the hackers were willing to pay for the adverts to be displayed in order to distribute their malware. The rewards of controlling the compromised computers are big enough to justify the upfront cost of placing the compromised adverts onto well-known sites with high traffic volumes.
Sites such as eBay depend on their reputation as safe places to transact, and eBay themselves are dependent on the third-party ad networks to ensure only safe content is displayed. Adverts which play sounds on mouse-over are annoying, but ads including malware are simply unacceptable. The ad network in question has a lot of explaining to do as to how the compromised code slipped through the net and was distributed.
Edited to add: eBay have issued the following statement:
We would like to confirm that eBay.co.uk was one of the websites affected by malware widely reported on Sunday 27th February. The malware affected a small proportion of advertising on the site and we addressed the issue immediately by removing all affected ad designs from the site. At no stage were eBay systems compromised.
We are taking this matter very seriously which is why we have taken the decision to sever ties with the advertising provider involved effective immediately.
eBay is committed to providing a safe and secure environment for its customers. We advise all our customers to run Anti-Virus software on their computers and refer them to the eBay Security Centre at https://pages.ebay.com/securitycenter/antimalware.html to find out more information about malware and how to protect themselves on the Internet.
16 Responses
“The ad network in question has a lot of explaining to do as to how the compromised code slipped through the net and was distributed.”
And so does eBay! Sloping shoulders onto a 3rd party won’t wash; ironic that eBay hammers sellers for failures by 3rd party postal services.
Well said.
So much for Trust and Safety
If this discourages eBay users from clicking on these annoying ads and as a result advertisers no longer seek to use them and we get back to a cleaner page then so much the better.
I personally never click ads, and certainly won’t do in the future. I tend to take in the info and if it is of interest go to the site via Google.
Are you confident the ads on this site are safe?
I got the virus and so did my wife on her laptop, neither of us clicked on any adverts.
“hackers were willing to pay for the adverts to be displayed” – Not likely, they will be using stolen card/account details. Another wake-up call for the masses to increase password security, as overall the ease of breaking into weakly passworded accounts makes this type of problem so much easier to create.
hmmmm…
1. It’s not a virus, it’s a trojan. (Sorry, but it’s one of my pet hates.)
2. It doesn’t let anyone “control” your computer.
3. As trojans go it is pretty lame and easily got rid of.
As for eBay being responsible, nah, that’s just stupid; that’s like blaming your employer when you catch a cold at work.
eBayers were not clicking on adverts. It was an advertising banner across the top of the page, being largely ignored, just like the one on this page I see before me.
They haven’t paid for the adverts; they have hacked into the syndicate site and planted the trojan on multiple legit banner ads. The sites that serve up these have no control over what they contain and rely on the provider to ensure they are free of malware.
eBay, it’s getting worse... Not only has the auction site turned into the high street, with half the sellers being businesses, and then adverts, and now trojan horses... Whatever happened to that fantastic auction site that once was? Another case of something being fixed before it was broke, same as all eBay’s policy.