Post by kas on Jul 8, 2011 20:31:51 GMT -5
How ads on legitimate web sites can lead to malware and unwanted software
This ad uses social engineering to trick you into clicking
This ad appeared at the bottom of a post on a lightly trafficked but legitimate blog. Notice the animated graphic and yellow bar, both designed to mimic the appearance of similar “missing plugin” messages from browsers. The ad was served by a third-tier ad network, AdBrite.
More social engineering to convince you to download
Clicking the ad takes you to a page that uses more social engineering to simulate the experience you might have trying to play a video file in your browser. The spinning wheel next to the word “Buffering” suggests that the page is trying to download a video but is being stopped somehow.
Although this screen was captured in Google Chrome, the experience is identical in other browsers, including Internet Explorer.
For more details, see "Social engineering in action: how web ads can lead to malware."
This installer looks like the real thing (it's not)
If you run the unsigned download, this installer starts up. It certainly looks like the real thing, and it even offers a choice of Express or Custom installations.
It actually does install a version of the Xvid codec, but it also includes a few unwanted extras...
With this installer, you get more than you asked for
In addition to the codec, this installer slips in a few extras. Without your consent, it installs extensions for any browser you have installed, as well as a copy of Real Player.
These Firefox extensions are installed automatically
These three extensions are added to Firefox automatically; similar extensions are added to Chrome and Internet Explorer. What do they do? Where do they come from? Who knows?
These uninstall options provide little information
After the installation is complete, are there any additional clues about what you've just installed? Not really.
Here’s what you’ll see in Control Panel. Note the complete absence of a publisher name for the “enhancements.” And look along the bottom of the window: where you should see help and support links, there’s nothing.
www.zdnet.com/photos/how-ads-on-legitimate-web-sites-can-lead-to-malware-and-unwanted-software/6256635
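The two warning signs described above (an unsigned download, and Control Panel entries with no publisher name and no help or support links) can be checked from PowerShell. This is an added example, not part of the original post or the ZDNet gallery; the function names `Get-AnonymousInstall` and `Test-InstallerSignature` and the sample file path are hypothetical.

```powershell
# Added example: find installed programs that show no publisher and no
# help/support links in Control Panel, and check a download's signature.

# Registry locations that back the Control Panel "Programs" list
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AnonymousInstall {
    # Hypothetical helper: entries visible to the user but with an empty Publisher
    param([string[]]$Path = $uninstallKeys)
    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Where-Object { [string]::IsNullOrWhiteSpace($_.Publisher) } |
        Select-Object DisplayName, DisplayVersion, InstallDate,
            @{ n = 'HasSupportLink'; e = { [bool]($_.HelpLink -or $_.URLInfoAbout) } },
            UninstallString
}

function Test-InstallerSignature {
    # Hypothetical helper: report the Authenticode status before running a download
    param([Parameter(Mandatory)][string]$FilePath)
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    [pscustomobject]@{
        File   = $FilePath
        Status = $sig.Status                      # e.g. Valid, NotSigned, HashMismatch
        Signer = $sig.SignerCertificate.Subject   # $null when the file is unsigned
    }
}

# Most recent installs first; entries with HasSupportLink = False match the
# "no publisher, no help and support links" pattern from the screenshots.
Get-AnonymousInstall | Sort-Object InstallDate -Descending | Format-Table -AutoSize

# Constructed path for illustration only:
# Test-InstallerSignature -FilePath "$env:USERPROFILE\Downloads\setup.exe"
```

A missing publisher is not proof of malice by itself, since some legitimate small tools leave it blank, so treat the output as a list to review alongside the install date.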