More than a month after Microsoft patched the .ANI vulnerability, Tom's Hardware has found the W32.ani Trojan lurking in one of its banner ads. ScanSafe, a managed Web security services company, found that Tomshardware.com was unknowingly hosting the banner ad, which was redirecting users to a site hosted in Argentina from where the driveby malware was automatically downloaded. The banner ad was up, infecting victims with unpatched systems, for 24 hours. When ScanSafe contacted Tom's Hardware, they were told that the site had already learned of the Trojan from its victims.
According to a media kit on Tom's Hardware, the site gets more than 5 million unique page views from more than 1.9 million unique visitors monthly. The incident illustrates the current status of malware worming its way into places that many people wouldn't expect them to be. Thanks to irresponsible administration of advertisement systems, people can no longer rely on the URL as a sign of whether any external links or links from ads on it are potentially dangerous.
News source: eWeek
20 Comments - Add comment