WHID 2009-41: Malware in Advertizing at Digital Spy

The register reports that Digital Spy, a high profile UK gossip site carried banner inflicting ads. Digital Spy has acknowledged the issue and said it promptly addressed it, however details on the source of the malicious banners is still not availalbe.

Malware distribution through ad programs is a borderline phenomenon. While there is no question that malware distribucion is malicious, and in most geographies illegal, in many cases the site owners are not technically responsible for the content of the ads they serve  as the ad content comes directly from a 3rd party. The question whether they are legally responsible is open.

Another issue is defining a malware. Many times ads are used to entice users to download and install programs that are questionable. a rootkit installed through a known browser vulnerability is a malware, however the distinction between adware and malware is many time blurred and depends on:

  • The ratio between benefit to the user and benefit to the software distributor,
  • The clarity in which the benefit to the software distributor is explained to the user, and lastly:
  • The legality of this benefit



Attack Method: 
Incident Outcome: