Forbes gives you another reason to run an ad blocker – by serving up malvertising for a week

Graham Cluley

Ad blockers are in the news right now following the release of iOS 9, which incorporates a simple way for iPhone and iPad users to block adverts as they surf the web using Safari.

Some online media outlets are – quite reasonably – disturbed about the rising popularity of ad blocking, as it could impact their attempts to generate revenue.

Well, if a new report from security firm FireEye is to be believed, Forbes hasn’t done itself and other ad-loving news sites any favours by serving up malicious adverts for a week between September 8 – 15th, redirecting users to webpages hosting the nasty Neutrino and Angler exploit kits.

The attacks attempt to exploit a series of vulnerabilities, including security holes in Adobe Flash.

According to the report, the malicious attacks were only triggered on a handful of Forbes articles – rather than every page – which is a blessing for the site’s many visitors. Of course, if the attacks had occurred on each and every page, chances are that someone would have noticed sooner, so it’s horses for courses…

FireEye says that it has worked with Forbes and the third-party advertising networks the site uses to eradicate the malicious ads.

From the sound of things, the attackers polluted the ad stream by abusing Real-Time Bidding to ensure that their ads were displayed on the high-profile site:

“Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms – particularly ad platforms that enable Real Time Bidding – attackers can selectively target where the malicious content gets displayed.”

“When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”

I feel sorry for advertising networks who police their ads properly, and those businesses who rely heavily upon online advertising revenue to keep themselves afloat, but such is the risk of malvertising and tracking that I simply wouldn’t surf the web without having an ad blocker installed.

If ads could be trusted not to infect users’ computers, not to track their surfing behaviour across the web, and not to offend their eyesight with cheap, tacky ads and tactics, then a lot more people would feel happy about allowing ads while they surf.

Full details of the attack can be found in FireEye’s blog post.

By the way, this isn’t the first time that Forbes has had a malware problem on its website.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Forbes gives you another reason to run an ad blocker – by serving up malvertising for a week”

  1. coyote

    They also take up a lot of resources (besides network) – some more than others but resource consumption is a burden nonetheless. I personally don't feel sorry for them when they have things like video (with or without sound), audio, other flashy things (including through flash) and other resource hogs. Then there is security with things like clickjacking, XSS and the many other problems websites are plagued by (sometimes because they were compromised but then they should be more careful in the future – and other times out of carelessness). This is entirely their fault and so if they have a problem with it they should fix what they created rather than whine about it. But I don't see that happening because they would rather play innocent victim.
