Latest Ad Scammers: Faux Agency Execs

Gawker, NYT.Com Fall Prey to Fake Buyers Who Harvest User Identities

by Michael Learmonth
Published: November 02, 2009



NEW YORK (AdAge.com) -- Ads have long been a gateway for spammers and hackers to distribute malicious code, but now the crooks are showing a new level of sophistication by posing as agency executives walking right into the front doors of well-known publishers.

MAL-ICIOUS: Scammers posing as execs from Spark SMG placed this 'ad' on Gawker sites that actually installed malware on visitors' machines.
The scam goes something like this: Someone posing as an agency executive or marketer approaches a publisher with a credible e-mail domain like vonage-inc.com or hyundai-inc.com and asks for a quick turnaround campaign, often over a weekend. The ads then install malware or harvest user identities and continue to do so until the publisher figures it out. Often they don't and the "advertiser" -- sometimes part of a European organized-crime syndicate -- will even pay for the campaign and run another.

"They're bold, and they have budget," said Michael Caruso, CEO of ClickFacts, an online-security firm that works with News Corp. "These guys know internet advertising, and may have worked in the industry, or at least they know enough to convince a salesperson they know the business."

What do the scammers want? Eyeballs, and installs, for the most part. Some are paid by the number of malware installs they can get; others by the number of identities harvested or number of computers than can be used remotely as part of a bot network. In all cases, the bigger and more trusted the site, the easier to make money. "It's purely financially motivated," said John Harrison, manger at security firm Symantec.

1 of 5 Next
Send to a friend
Click here for the online version of adage.com
powered by Quattro Wireless