Press Release: March 16, 2010


Avast! exposes negligence and poor security of major online advertising agents.
Yahoo and FOX Audience Network top the list of compromised online ad servers delivering malware and virus filled adverts to innocent web users; Google ad serving platforms also affected

(PRAGUE, Czech Republic, March 16, 2010) Researchers at ALWIL Software, providers of the avast! antivirus program, have discovered a widespread campaign to infect website advertisements served up on leading online advertising services.

The attack infects advertisements served up by a number of online advertisers, helping place malware on the computers of people visiting leading websites such as Google and Yahoo.

The most compromised services are yieldmanager.com (Yahoo) and fimserve.com (FOX Audience Network) which cover more than 50% of online ads. The list of poisoned ad services is extensive and includes advertangel.com, bannerimg.com, jambovideonework.com, myspace.com, vestraff.com and zedo.com. Doubleclick.com, an advertising server affiliated with Google, is ranked fifth in the avast! Virus Lab list of infected servers by rate of infection.

The poison ad infiltration method is growing in popularity because it does not require users to click on anything, explains Jiri Sejtko, avast! Senior Virus Analyst. Users can get infected just by reading their favourite newspaper or by doing a search on popular topics; the infection begins just after the poisoned ad is loaded by the browser.

Avast! Virus Labs have named this attack vector JS:Prontexi. It is a JavaScript code which acts as a channel for malware attacks on vulnerable software such as Adobe and a range of zero-day exploits.

JS:Prontexi highlights the lack of care shown by advertising services providers to actively screen the content they are distributing, comments Sejtko, Serving up infected content like this is a double hazard for advertising companies. In addition to reducing consumer trust in their services, they run the risk of being flagged or even blocked by antivirus programs as a source of malware.

Consumers shouldnt immediately accuse their antivirus program of a false positive when a familiar site gets blocked. There can be a real danger, explains Sejtko. avast! and Kaspersky Labs, a competing antivirus product, both blocked yieldmanager earlier this year because of these attacks. If these advertising services get too infected, the easiest way to protect our users is to block them completely.

Since the surge of JS:Prontexi in February, avast! has updated its virus databases to fully protect against this attack vector. avast! sensors in individual computers detect the malicious JavaScript and block it, preventing users from receiving the infection. Much of the data gathered on the spread and prevalence of this poisoned ad phenomenon has been collected by users participating in the avast! Community IQ, the firms own cloud of 100 million endpoints that report on web dangers, helping the avast! experts build better protection schemes.

More information on the technical aspects of ad poisoning can be found here: http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/

About ALWIL Software
ALWIL Software is the maker of avast! the world's most popular computer security program with over 100 million registered users. From its headquarters in the Czech Republic, ALWIL Software has developed the award-winning suite of avast! products and localized them into 33 languages. Further details about the company and its products can be found at http://www.avast.com.


avast! is a registered trademark in the United States of America and other countries and is used under exclusive license to ALWIL Software.

Editors for further information, contact:
Anne Harding
The Message Machine
+44 1895 631448

Notes to editors

For more information, please contact:

Anne HardingAnne Harding

Tel: 01895 63144801895 631448

Email: anne@themessagemachine.comanne@themessagemachine.com

Visit the newsroom of: PR Fire