Published June 16, 2009
| Wall Street Journal
On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site's advertising system had been hacked.
A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in the online advertising world, with its numerous middlemen and resellers.
Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales.
Viruses can be incorporated directly within an ad, so that simply clicking on the ad or visiting the site can infect a computer, or ads can be used to direct users to a nefarious Web site that aims to steal passwords or identities.
In most cases, the problem becomes apparent within a matter of hours and quick fixes are put in place, but that's not fast enough for Internet surfers whose computers end up infected or compromised.
"The system is only as safe as its least secure members, and some of these members can be strikingly insecure," says Ben Edelman, an assistant professor at Harvard Business School who researches Web security issues.
EWeek.com, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for Lacoste, the shirt maker.
The retailer hadn't placed the ad -- a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis.