Monday, July 6, 2009

EyeWonder...How Malware Got Onto CNN

On July 3rd, the ZDNet Blogs reported that eyewonder.com, a digital advertising provider, has infected some popular sites via, what they call, a "malvertising" campaign.  Here's an excerpt, you can read the full story by clicking the link at the end of the excerpt:

During the last couple of hours, visitors of popular and high trafficked web sites such as CNN, BBC, Washington Post, Gamespot, WorldOfWarcraft, Mashable, Chow.com, ITpro.co.uk, AndroidCommunity; Engadget and Chip.de, started reporting that parts of the web sites are unreachable due to malware warnings appearing through the EyeWonder interactive digital advertising provider.

Let’s assess the butterfly effect of a single malware incident affecting an ad network whose ads get syndicated across the entire Web.

What originally started as “we have been mistakenly flagged as malware“, briefly turned into “appears the EW.com domain was potentially maliciously “hacked” causing these errant and erroneous alerts to appear” malware incident.

Is the EyeWonder attack a typical malvertising campaign where malicious content is pushed on legitimate sites through the ad network, or did their web site actually got compromised in the ongoing Cold Fusion web sites compromise attack?


Continue Reading at ZDNet
Reblog this post [with Zemanta]

Disqus for ePayment News