Pop-under Ads offering Security checks and Updates

From: Arturo Esquivel (rael_at_GDL.COM.MX)
Date: 11/16/03

Next message: Maxim S. Shatskih: "Re: The Developer Implications of Windows XP SP2"

Previous message: Russ: "MinorRev: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sat, 15 Nov 2003 17:05:41 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

I was checking a computer at one of my client's home, and when I closed IE the pop-under ad blasted me with an offer to update my computer. This ad was mimicking MS Automatic Updates; not very closely but closely enough to snare your average home computer user that sees the auto update dialog once in a great while (if at all.)

On closer inspection I could see that it was an ad for some of those dubious performance accelerators, so I decided to click on the 'Read more...' link just to see where it would take me. It opened a page with a heavy flash animation, which being on a dial-up connection, it was taking too long and since I was in a hurry I decided to just shut IE and get on with my work.

The on-exit ad that I got was astonishing: here was this ad, sporting a Windows XP look and feel, offering me a Recommended Security Update, and bearing a mock MS KB article number which when applied would protect me against Creditd Card, passwords and Identity theft... none the less.

The trouble that I want to bring to your collective attention is the fact that if these type of ads start to proliferate on the Net then it wont't take long before some enterprising hacker will create her own ads and then put a trojan on a couple of thousand naive users that clicked on the 'continue' button, and clicked ok on all the security dialogs. After all. I'm installing a security update from MS...Right??

Saludos

Arturo Esquivel

P.D: Check the ads: http://gdl.com.mx/bugtraq

PP.D. If I am barking up the wrong tree please just disregard this message.

-----
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, *** covering, and bureaucracy are threatening to derail any
chance of making progress.
-----

Next message: Maxim S. Shatskih: "Re: The Developer Implications of Windows XP SP2"

Previous message: Russ: "MinorRev: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]