Google and Microsoft ads serve malware

Two of the world's largest ad networks have been caught disseminating malware

Banner adverts from Google and Microsoft have been found to be disseminating malware, without any action required on the part of the user.

Banner ads from Google's advertising subsidiary DoubleClick, and Microsoft's MSN ads service were affected.

To get around the firms' security controls, hackers created a site called ADShufffle.com, which was sufficiently close to real online advertising technology firm ADShuffle.com to get through ad screeners.

Security company Armorize appeared to be the first to notice the attack. Writing on the Armorize blog, Wayne Huang said: "The malware gets installed on victim computers, and holds the computer hostage by displaying a threatening message (stating that the system is failing), and asking you to purchase a license to fix the problem."

This form of drive-by download malware can be especially effective as it only requires users to visit the page, as opposed to tricking them into clicking a malicious link.

Huang listed some of the affected sites as Scout.com (using DoubleClick), realestate.msn.com, msnbc.com (using both), and mail.live.com.