14 DAY TRIAL // The biggest advertising serving program in the world, Google's AdSense, jeopardizes people's security, by offering them "malvertizements" - ads that, when clicked, lead users to websites that host malware, rogue security products or other threatening applications. This time, multiple sources have identified a MediaMan ad provided by Google AdSense on Mashable, which, when clicked, links to a Russia-based fake antivirus website which hosts malware.
As the blogger who first discovered the flaw in AdSense's network was in Russia at that moment, it's probable that users from different countries got localized ads of the same nature. The question that arises is how malvertising managed to infiltrate the system. Google is usually aware of the threats and checks all the suspect flash files that are being served to confident people. But flaws like this one still allow hijackers the possibility to infect the machines of the users who can't think of any advertising serving program more reliable than AdSense.
"MediaMan has been identified a long time ago as a malvertisement so it's a surprise to see them popping up on the AdSense network. [...] Now I'm not posting this to shame Google (I'm sure their content team had already pulled this ad) - I'm posting this more as a call to action." says Mike Nolet, CTO and co-founder of AppNexus, a cloud computing company that aims at reducing the number of problems online advertising companies are facing nowadays. Nolet was the first to encounter the malicious advertising.
Another blog also confirmed that AdSense offered dangerous content, and advised users to rely on an online security tool that gave a full description of any given .SWF file. Besides the dimension, weight, actionscripts and links that can be contained by a Flash file, the tool analyzes if that specific file hosts any kind of malicious software. In the case of the ad provided by Google, the message displayed by AdopsTool was: "The file has a sprite/movieclip which is containing Malware actionScript code. Please contact the creative agency for checking and cleaning of the file." This proves that the malware could have been detected at a simple check.