Banner ad Trojans can be beaten, says Tier-3

Trojans spotted in various forms by Symantec in recent weeks now pose a potentially serious threat to most authentication systems, warns behavioural analysis IT security specialist Tier-3.

The company says that a series of banner ad attacks on Expedia.com and Rhapsody, the Real Networks-owned online music site, can be beaten using behavioural analysis technology.

“The attacks, which centre on the use of malware infections planted in banner ads that route users to sites apparently containing anti-spyware software, end up with users downloading the malware they are trying to avoid,” explains Geoff Sweeney, Tier-3’s CTO.

“This new attack vector, which was identified last week by Sandi Hardmeir, Australian spyware researcher, attempted to persuade users to download the TROJ_GIDA.A Trojan,” he adds.

According to Sweeney, this new banner ad infection technique builds on the earlier rogue URL strategy found on some DoubleClick ads last year, and is yet another example of how most antivirus and anti-spyware technology is powerless to protect against attacks that the security software vendors don’t know about. Rule-based technologies, he says, cannot defend against these sorts of attacks, because there is always a time window whilst they wait for the latest definition file to become available.