Digital Spy US-based subscribers redirected to malicious pages

Jul 21, 2009 11:13 GMT

Digital Spy (DS), a popular celebrity and showbiz news website, has been hit by a malvertising attack for the second time in recent weeks. Only subscribers based in the US have been affected by this latest incident, which is currently being investigated.

It all started with reports posted by some readers on the website's official forum, in which they claimed that third-party pages were being opened when they accessed digitalspy.co.uk. In some cases, the rogue sites seemed to have malicious content, triggering people's antivirus software.

"Is your DS doing that weird 'thing' again? ...where it goes to another random website like a dating website before going to DS?" a user asked on July 19. "Mine was clicking a lot... means my virus scanner is blocking something..," another answered. On July 20, another subscriber confirmed that, "Its [sic.] happening to me. twice this evening. My ESET NOD 32 VIRUS scanner warned me I was being attacked. It does seem to happen only on this site."

At first, the problem seemed to be rather selective, as a lot of other readers were not seeing any weird behavior. However, James Welsh, a Digital Spy employee, joined the discussion and pointed out that all reports were coming from subscribers outside the UK. He noted that the problem couldn't be reproduced from the company's London-based office, but that advertising operations personnel were investigating the issue.

Eventually, Mr. Welsh returned and confirmed that there was a problem with ads displayed on the website, but that it only affected people trying to access the website from the US. "[...] [We] are in 'ton of bricks' (as in 'come down on them [advertising network] like a...') mode. Such behaviour on our site is totally unacceptable," he wrote.

This is not the first time the popular celebrity gossip website has had problems with malvertising (malicious advertising). According to The Register, back at the beginning of June, rogue and malicious ads displayed on Digital Spy tried to infect visitors with scareware via PDF exploits. The offending ads were reportedly coming from an advertising network that antivirus experts described as "notoriously dodgy."

Ads that spread malware have become a rather common attack vector in recent years, mainly because they are hard to track or prevent. Cyber-crooks have repeatedly proven their ability to bypass the scrutiny of even big advertising networks such as Google. The Mountain View giant has acknowledged the problem and launched a special search engine to help security researchers and companies that place ads check if a particular advertiser has a questionable history.