Mal...where?

Fighting the Global War on Malicious Code

Told You So -- ErrorSafe Pop-Ups Served via Ruckus
Thursday, August 16, 2007

Well, listening to my morning dose of Sara Groves, I saw a familiar pop-up that I'd called coming a short while ago (look towards the end):


That's right, ErrorSafe! (If you're not familiar with the rogue AV/registry cleaner/etc. scene, such programs claim that there are a bunch of problems that need to be fixed...for a fee. They install without user consent, and have little or no real functionality). Clicking anywhere on the message (NOTE: even on the red "X" in the corner) loads the ErrorSafe install page in IE7:



...and not only that, the page then attempts to install the rogue program without user consent (in this case, Symantec caught the .cab file while it was still in the Temporary Internet Files):



I've notified Ruckus about the advertisement, but it goes to show you the perils of 3rd-party ad networks. If you don't stay on top of the ads you're serving (or someone is serving on your behalf), something like this is bound to happen.

- David Oxley

UPDATE (8/17/07): Got hit with another redirect to errorsafe.com on Ruckus today, with two chief differences:

1) The product advertised was WinAntiVirus2007
2) The ad was Flash-based, and automatically opened the ErrorSafe page without any user interaction whatsoever.

Ugh. Ctl-Alt-Del, end-task iexplore.exe, and send Ruckus an e-mail (I've yet to hear back concerning my first experience...)

UPDATE #2 (8/17/07): Received a response from Ruckus saying that it's been cleaned. Likewise, see the comments for an apology from their senior director. I commend them on getting this taken care-of so quickly -- I'm not giving up my Ruckus anytime yet. :)

Labels: , , ,

posted by David @ 4:18 AM,

1 Comments:

At 12:43 PM, Blogger Ruckus said...

Sorry for the inconvenience, David.

We were notified about the malicious advertisement and have removed the ads and replaced them with internal programming to prevent this from happening again.


Chris Hood
Senior Director,
Product Development
Ruckus Network

 

Post a Comment

<< Home


Web This Blog

About me

    I'm David From Atlanta, Georgia, United States -- I'm a Computer Science undergrad at Emory University seeking to go into Network Security after grad school. More than that, I am a follower of Christ and a Christian, living the Journey and learning from others who are doing the same. My family and home rest in Fredericksburg, VA.
    My profile

Archives

Previous Posts

Helpful Sites

Favorite Forums

Favorite Blogs

Powered By

Powered by Blogger>