A COUPLE OF high-profile advertising networks have been accused of letting a brand of malware slip through on their banner ads.
According to a blog post from Armorize, an application security firm, both Doubleclick and rad.msn.com - two of the biggest ad servers - were being used to shill drive-by malvertising to unsuspecting web users.
The adverts are offering HDD Plus, a predictably swinish piece of malware, said the security firm.
HDD Plus pretends to be the solution to your computer optimisation problems, but in reality is more likely to cause them. Once installed it insists on starting itself when the computer is booted up, makes a nuisance of itself and proves particularly difficult to boot off your machine.
Nice then that users are being exposed to it while wandering through what they thought were pretty friendly websites.
"Over the past few days, we saw the quick spread of HDD Plus--a malware that (somehow) gets installed on victim computers, and holds the computer hostage by displaying threatening message (that the system is failing), asking you to purchase a license so HDD Plus will fix the problems," the firm blogged.
"We've realized that one of the means for HDD Plus to spread, was via drive-by download malvertising through (at least) DoubleClick and rad.msn.com, which are both the world's largest ad serving platforms."
Armorize said that when a surfer visited an affected website carrying banner ads from the two firms, they were served malicious JavaScript from ADShufffle.com. This, it added, then started a drive-by download process and installed HDD Plus on the user's computer without even telling them.
In fact, the firm explained that it would be installed, "without having the need to trick the victim into doing anything or clicking on anything". Apparently, "Simply visiting the page infects the visitors."
Although Armorize named a number of websites through which the malware might be spreading, it also said that it had discussed the issue with a number of them. µ
Guys
Read the article - clicked the link to the blog - AVG Security warning popped up. "Exploit JSE Web Start (type 1066)"
Won't be doing that again.
Ghostery finds 10 malicious cookies on this web page and I don't know how many megabytes of malicious ads are being blocked by Adblock Plus. If Doubleclick is that bad (and I do not question that), then why does the Inq spread this Kot?
Just Google for "hosts file updater" and download it (I use the Cnet download site). Run it every time you log on to your computer, or once a day if you log on and off more often. This will update your hosts file (from MVPS.org - a well-known and respected professionals' site) to block thousands of known malicious sites, as well as lots of advertisers like Doubleclick and rad.msn (which means faster Web browsing).
This works regardless of which browser you choose.
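An added example, not written by any of the commenters or taken from MVPS.org: a hosts file only blocks the exact hostnames it lists (there are no wildcards), so it is worth checking which ad-server names a given file actually sinkholes. The hosts content below is a constructed sample, and `other.doubleclick.net` and the `example.test` names are hypothetical.

```python
import ipaddress

# Constructed sample in hosts-file syntax (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1   localhost
0.0.0.0     ad.doubleclick.net    # trailing comments are allowed
127.0.0.1   rad.msn.com ads.example.test
::1         localhost
10.0.0.5    intranet.example.test
not-an-ip   broken.example.test
"""


def normalise(hostname):
    """Hostnames compare case-insensitively; drop a trailing root dot."""
    return hostname.lower().rstrip(".")


def parse_sinkholed(hosts_text):
    """Return the hostnames mapped to a loopback or unspecified address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: entry is ignored
        if addr.is_loopback or addr.is_unspecified:
            # One line may carry several hostnames for the same address.
            blocked.update(normalise(h) for h in fields[1:])
    blocked.discard("localhost")              # normal entry, not a block
    return blocked


def coverage(hosts_text, wanted):
    """Map each wanted hostname to True if an exact entry sinkholes it."""
    blocked = parse_sinkholed(hosts_text)
    return {h: normalise(h) in blocked for h in wanted}


if __name__ == "__main__":
    names = ["rad.msn.com", "ad.doubleclick.net",
             "doubleclick.net", "other.doubleclick.net"]
    for host, ok in coverage(SAMPLE_HOSTS, names).items():
        print(f"{host:28} {'blocked' if ok else 'NOT blocked'}")
```

The parent domain and the unlisted subdomain both come back as not blocked, which is why hosts-based blocking depends on the list being kept current.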