According to ScanSafe's blog, sites including drudgereport.com, lyrics.com, horoscope.com and slacker.com were running banner ads that delivered a malicious PDF.
The malicious PDF exploits the Adobe PDF reader, and is accompanied by an exploit for Microsoft's DirectShow ActiveX flaw. The vulnerabilities have already been patched. Microsoft released its fix, named MS09-032, back in July, but as with the Conficker worm, users are notoriously slow at patching their software.
The PDF file, which is generated on the fly with unique changes to try to avoid signature detection, attempts to download additional Trojan malware via the web. According to ScanSafe, the malware also tampers with user searches, can redirect users to different websites than the ones they expected, and installs a back door.
According to reports, the malicious advertising was delivered over DoubleClick, the advertising company owned by Google. Yahoo!-owned Right Media was also targeted, along with a third advertising service called Fastclick.
The malware attack lasted four days, using domains registered on September 19 and 20. The attacks ended on Wednesday, and ScanSafe believes that the domains were registered via three virtual DNS hosts. "These hosts are particularly attractive to attackers, as they enable the attacker to correlate the domain name of their choosing with this specific IP address - and at no cost," said ScanSafe researcher Mary Landesman.
The malware attacks started just one day after Microsoft launched a collection of lawsuits against 'malvertisers'. The company filed five lawsuits against alleged malicious advertisers. The suits targeted individuals using the business names “Soft Solutions,” “Direct Ad,” “qiweroqw.com,” “ITmeter INC.” and “ote2008.info.”
"This work is vitally important because online advertising helps keep the internet up and running. It’s the fuel that drives search technologies," said Microsoft associate general counsel Tim Cranston. "It pays for free online services like Windows Live, Facebook, Yahoo! and MSN. Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and for all consumers and businesses that rely on these free services."