Google DoubleClick Caught Serving Malicious Ad

Someone in our office got hit by this - nod32 didn't stop it. In addition to hdd plus, the tdss rootkit was installed.

To all of the the websites which have maliciously targeted users of NoScript and/or AdBlock Plus (Ars Tecnica, I'm looking at you), <i>now</i> do you understand why there is a segment of your readership which uses such software?!?<p>Pfft, I doubt you care. Once you serve an add, the consequences of your actions are safely ensconced in a Not My Problem field...

Nothing new here: this sort of malware slips into ad networks on a regular basis. This time it just didn't get caught soon enough.

I'm surprised that running an ad includes the option of including free-form scripts. What's wrong with animated GIFs, as least these should be safe.

Is it funny to anyone else that Wired uses DoubleClick ads in this context? (And a page was blocked from popping up from another network?)<p>What I do know is that IE/FF/Chrome all have bugs that can be exploited by this malware - I see it regularly. While it may also be Adobe's fault at some junctures, I think with how much of a problem it is the browsers should at least TRY to detect dubious scripts/PDFs. Mozilla/Google can make their browser warn of an infected site but they cannot do a quick on PDF contents before initiating Reader?

Something similar may have happened to reddit almost a month ago: <a href="http://www.reddit.com/r/announcements/comments/e7988/a_number_of_reddit_users_have_reported_finding/" rel="nofollow">http://www.reddit.com/r/announcements/comments/e7988/a_numbe...</a>

Two of my housemates got hit by this. But both of them run Chrome regularly.

doubleclick.net and its brethren are all routed to 127.0.0.1 in my /etc/hosts.

Why do browsers not block ads by default?