They’re getting smarter and smarter! According to SC Magazine the malicious banner ads have hit up Myspace, Photobucket, Bebo and Ultimate Guitar. Interestingly enough:

The fictitious ads know to remove the malicious code if they detect the known IP addresses of the Right Media scanning servers.

Well, I say enough! Thanks to Mandy Singh for the tip about using Flash permissions to restrict what the ad can do on the site. The malicious ads use JavaScript both to decide whether to launch the drive-by install and to actually execute it. This permission can be restricted with the AllowScriptAccess flag. I’ve tested this on various errorsafe Flash files and indeed it prevents them from launching an install.

So here’s my proposal — the default for serving any ad should always be with restricted script access. Of course this will probably break certain rich-media ads, which should be individually certified as ‘safe’ and given explicit approval to execute JavaScript.
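
The default-deny policy proposed above, sketched as an ad-tag generator. This is an added example, not code from the original post; the creative ids, URLs, allowlist and function names are made up for illustration.

```javascript
// Added example: every Flash creative is served with allowScriptAccess="never"
// unless it is on an explicit allowlist. All names and sample ids are constructed.

// Hypothetical allowlist of creatives individually certified to call JavaScript.
const CERTIFIED_SCRIPT_CREATIVES = new Set(["richmedia-1001"]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Decide the AllowScriptAccess value. Whatever the creative itself asks for
// is ignored; only the allowlist can lift the restriction. Certified ads get
// "always" because ad SWFs are normally hosted on a different domain.
function scriptAccessFor(creative, certified = CERTIFIED_SCRIPT_CREATIVES) {
  return certified.has(creative.id) ? "always" : "never";
}

// Build the <object>/<embed> markup. The setting is written to both the
// <param> and the <embed> attribute, since browsers read one or the other.
function renderAdTag(creative, certified = CERTIFIED_SCRIPT_CREATIVES) {
  const access = scriptAccessFor(creative, certified);
  const src = escapeAttr(creative.swfUrl);
  const w = Number(creative.width) || 0;
  const h = Number(creative.height) || 0;
  return [
    `<object width="${w}" height="${h}">`,
    `  <param name="movie" value="${src}">`,
    `  <param name="allowScriptAccess" value="${access}">`,
    `  <embed src="${src}" width="${w}" height="${h}"`,
    `         type="application/x-shockwave-flash" allowScriptAccess="${access}">`,
    `</object>`,
  ].join("\n");
}

// Audit helper: list every allowScriptAccess value found in existing markup,
// so tags built elsewhere can be checked for anything other than "never".
function scriptAccessValues(html) {
  const re = /allowScriptAccess"?\s*(?:value)?\s*=\s*"([^"]*)"/gi;
  return [...html.matchAll(re)].map((m) => m[1].toLowerCase());
}
```

Running `scriptAccessValues` over tags already in rotation shows which ones would lose script access once the default is flipped.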

  • Sandi

    Hi Mike,

    I wonder how services such as AdBrite would react to your proposals. Adbrite’s response to a correspondent of mine when he complained about hijacking winfixer ads was, to paraphrase, “all adv networks have the same problem – just click the cancel button on the popup dialogue box and then go back to the original site”.

    Of course, the fact that clicking on the cancel button has the same effect as clicking on an install button escaped Adbrite’s notice.

  • CPM Advisors

    It’s bad enough to be showing ads that almost nobody clicks on (0.1% maybe?) for a $0.33 CPM, but when those ads are trying to install malicious software…. ouch… sucks to be a publisher. Is it any wonder that (relatively) safe and simple and good international coverage (Google Adsense) is a good default choice for pubs?
