Think Malware Links Go Away? Trust but Verify

Submitted by Robert Abela on May 24, 2010 - 3:31 pm No Comment

Much like Mr. Reagan, we need to trust but verify.  Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing ads packed with malware links on their networks.  We are not the only ones who have identified this issue, check out the following links for more information about them:
Google Adsense distributes malware – Google blocks own publisher!
AdultAdWorld (AAW) -distributes malware – doesn’t answer the phone

This highlights a major issue that we have been discussing for a long time with all of our customers — that is, the need for ongoing Malware detection scanning. Your site might be nailed down. Your site might be clean from SQL injection, Apache flaws, cross site scripting, and the myriads of other issues associated with open source and custom developed software. However if you run any sort of ad network, widgets, or anything else that inserts code from other sites you are running a major risk.

In these cases you are a very simple publisher. You trust your ad network since they are your partner. And now those lovely people are inserting Malware into your site.

Looking further, although humorous but serious, Adsense itself inserted malicious ad code into a customer’s website — and then proceeded to ban them and slapped the nasty Malware alert window on this board buggers website.

Now, how are going to react in this sort of scenario?  I’d be interested in your comments, however at the end of the day you have to trust somebody and I like trusting by a verification — and in this case we use several third parties for our validation services since I don’t trust anyone on its own.