06-23-2007, 08:05 AM
Quote: As advertising reaches ever more Web sites, cyber-criminals have begun using affiliate ad networks to infect computers with keystroke loggers, bot net software, and other malicious code. The tactics of these bad actors are outlined in a report published by the Finjan Malicious Code Research Center.
Cyber-criminals use two main strategies to run ads serving malicious code to unsuspecting users. Some hack pages on a publisher's site and insert code behind a content page or ad, as happened in the case of an infected ad served on MySpace.com. A second strategy involves the formation of affiliate ad networks where site operators are paid based on the number of infections, rather than impressions, they manage to deliver.
The cost of entry for the cyber-criminals running the networks is low. "Criminals today can buy a software package onlineĀ and start to infect users with Trojans," said Finjan CTO Yuval Ben-Itzhak. "Criminals don't need to know anything about security. It makes it possible for almost anyone to do this crime."...
full article: http://clickz.com/showPage.html?page=3626228