31st January 2008, 08:58 PM #1
Ban Bad Banner Ads
Many people don’t like flashy advertisement banners on Web pages. But ads are a necessary thing for some pages to keep them free and help the owners pay their hosting fees. That might have been one of the reasons the bad guys thought of when using malicious banner ads as an attack vector. I’m not talking about the annoying banners that will overlay half of your screen so that you have to click them away manually. I’m talking about malicious ads, sometimes referred to as "malvertisement" or "badvertisement," which contain a malicious script or a hidden redirector. Most of the time it’s a Flash object that contains an obfuscated ActionScript which redirects the user to a malicious site after performing some user client checks. If the IP address of the requester falls into the desired geographic location and the IP address was not yet served, then the user will be redirected to the bad site. This site can then either use one of the well-known Web attacking toolkits to exploit a vulnerability in the visitor's browser, or it could try to annoy the user with persistent pop-ups and social engineering tricks to get the user to install a misleading application or Trojan. Rogue antispyware tools seem to be a very popular thing to push out using these methods at the moment.
The malicious ads are not a new phenomenon. In 2006 a popular social networking site was hit by a big wave and several other big names followed. Furthermore, the attacks are not only targeting English language Web sites since there have been several cases already in other languages, such as German. This is another good example of how legitimate and trusted Web sites can unknowingly serve malware to you.
The criminals often make the effort to appear as legitimate small advertisement companies and then they buy hosting space at other advertisement companies to host their banners. The ads are sometimes just copies of official ads with the malicious script injected. Most companies do try to thoroughly check the content of the ads, but as the situations show, they do not always succeed. Some malicious ads may even have an internal start date and will behave innocently until this time has come.
What can you do to protect yourself and your computer? Besides the obvious running of a good antivirus suite, you can also block advertisements in your browser. Some have built-in methods to do so and some use external add-ons or extensions, such as the NoScript or FlashBlock extensions for Firefox.