MSN home page spreads malware via malicious ad

Graham Cluley

Msn thumb

MsnAre you blocking online ads yet?

Perhaps you should.

The likes of Forbes and Yahoo Mail are reportedly trying to block access to users who are running ad blockers. But it’s an argument that is losing ground as more and more internet users find their computers are compromised by malvertising.

According to security firm MalwareBytes, the latest high profile site to be found spreading malware to its visitors via dodgy ads is MSN.

As researcher Jerome Segura reports, the attack appears to have been primarily focused on German users – posing as an ad for the cheap-and-cheerful supermarket chain Lidl.

MSN malvertising

Segura says that he saw the malicious ads serving up the RIG and Neutrino exploit kits in their attempt to infect vulnerable surfing computers with malware.

I can’t help but feel a little bit sorry for MSN. It didn’t put the advert on its site, it simply displayed an ad provided by a third party advertising network (AdSpirit). But this isn’t the first time that MSN has served up malicious ads.

If AdSpirit hasn’t found a way to ensure that any ads it delivers to clients like MSN are unpolluted, then maybe they should put their thinking caps on or get out of the advertising business.

And if MSN doesn’t have contracts in place with hefty penalties for any advertising network which puts its website visitors at risk then clearly they need to think long and hard about that too.

But it’s the users who I feel most sympathy for. They should be able to feel safe browsing a popular website like MSN, and not have to worry that malicious code might be surreptitiously trying to infect their PCs.

One thing I do know. If you had an ad blocker running on your web browser, you probably would never have had the malicious ad rendered in your browser, and that would mean that your computer wouldn’t have been at risk of infection.

Frankly, I tell everyone I know to run an ad blocker. I realise its sucks for websites that try to generate revenue for advertising, but my sympathy disappears when there’s such a big problem of poisoned adverts.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

7 Replies to “MSN home page spreads malware via malicious ad”

  1. Big surprise.

    Actually the only thing that comes close to a surprise (but more like baffling) is why these organisations haven't gotten a clue yet; worse is they only care about a profit – and even whine (and try to find a workaround for the users workarounds) about the workarounds for their own blunders. That is why I don't feel any sympathy to their cause; if they don't respect the website viewers they don't deserve the profit from adverts being displayed on their website (I'd go so far as to say any organisation that doesn't respect their customers/users don't deserve anything at all except perhaps contempt and a bad reputation). Sure it isn't their fault in one sense (they didn't choose this advert) but it is in another sense and I'm afraid that is the sense that matters. This is besides the obnoxious ads that have sound, pop-up, and I don't know what else (because I go beyond blocking ads and block scripts). You can't reasonably say that the users should go elsewhere because of iframes and the cross-site scripts etc. make it rather impossible to simply avoid the offenders.

    They bring it on to themselves and until they figure this out and solve the problem, this will happen. By which time the users won't trust (wise decision) the claims they are now fixed, so even if the problem could be permanently eradicated I imagine many would still have ads blocked (never mind sexual [i.e. porn], potentially unethical or illegal websites that have these problems). I know I would still block scripts and ads.

  2. I don't know what's more illicit, malvertising to those who still use MSN…

    Jokes aside, agreements should be mandated for liabilities and the ad-provider held accountable for supplying inappropriate content.

    It's damaging to your brand, reputation while the vendor and crims profits.

  3. The former CEO of Firefox, has just developed a new browser,version 0.7, up at GitHub, named Brave. It is based on Chromium,and has ad blocking built-in as default operation. It has a little ways to go before it's complete,as no bookmarks,or history yet.

    Now,as for Android, there are now several options for ad blocking browsers. Firefox has the most options because it's the only one with add-ons or blocking extensions. However, Ghostery and Adblock Plus have standalone browsers now in playstore. There are other offerings, but it is a growing trend.

    Also, Adblock Plus was "blocked" from attending an ad industry conference recently. Go figure. Guess the industry is not interested in playing nice,and has some new secret weapons they will likely be discussing.

  4. Good advice, except that lately I have been coming across sites that tell you that you MUST disable the ad blocker or else you cannot see the page contents. Of course, we all have the right to simply decline and move on and feel that the page is the poorer for us not being able to visit/read. But if I really want to see the content then I am held hostage and have to disable my ad blocker at least temporarily.

  5. I had that with a site I used to visit. I declined, moved on, and also sent their management an email explaining exactly why I block ads.

  6. Well it's January 2019 and the problem with "Malware" ads from MSN is still around. I just had a web page from def7298.website loaded. Which is apparently from a news page linked to on MSN's home page. The rouge page claimed:

    Your Windows system is damaged, all system files are automatically deleted. Click on the "Update" button to install the newest software to scan and protect your files from being deleted.

    So who are the real amateurs here. The hackers? Or the people running MSN?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.