Gawker Media's ad sales team falls victim to elaborate social engineering scam

Oct 28, 2009 10:50 GMT

A malicious ad that silently infected visitors with scareware made its way onto Gizmodo. The incident was the result of a successful social engineering attack directed at the ad sales team of Gawker Media, the site's owner.

Gizmodo is a popular technology blog owned by Gawker Media, an online media company covering news on multiple topics through a series of dedicated websites. The company's revenue is mainly obtained from selling online advertising on its network.

"Guys, I'm really sorry but we had some malware running on our site in ad boxes for a little while last week on Suzuki ads. They somehow fooled our ad sales team through an elaborate scam," Gizmodo editor Brian Lam announced yesterday. "It's taken care of now, and only a few people should have been affected, but this isn't something we take lightly as writers, editors and tech geeks," he added.

According to The Business Insider, which published the e-mail correspondence between Gawker and the attackers, the scam was indeed well orchestrated and complex. After reading the back-and-forth e-mails, one thing is clear: the scammer, whoever he or she was, was well versed in online advertising sales.

"They have intimate knowledge of online ad sales, including terms like eCPM, roadblocking, RON, IAB sizes, lead generation, traffic coordinators, etc.," a Gawker ad sales worker says. "[...] As far as malware distributors go, this guy is easily one of the most convincing I've ever seen," he concludes.

The scam started with an e-mail from one George Delarosa, who claimed to be the representative of a media agency called Spark Communications. Delarosa claimed that the company had $25,000 to spend on an ad campaign on behalf of Suzuki, one of its clients. To put the ad sales team under pressure, he went on to claim that they were on a tight schedule.

Adding to the deviousness of this scam is its timing: the end of both the month and the third quarter, a period when sales teams are generally interested in racking up as much revenue as possible. "Unlike most spammers, these guys were happy to jump on the phone to get ads back up and running," the Gawker employee notes. This suggests that scammers are willing to go to great lengths just to push scareware to a few thousand users.

Users who have reason to believe that they have been affected are urged to install a reliable antivirus solution and perform a full system scan. Symptoms include sudden security alerts and popups advising them to acquire a license for a security product that they haven't installed, as well as the presence of a file called qegasysguard.exe on the computer.