MSN home page spreads malware via malicious ad

Graham Cluley
Graham Cluley
@[email protected]

MsnAre you blocking online ads yet?

Perhaps you should.

The likes of Forbes and Yahoo Mail are reportedly trying to block access to users who are running ad blockers. But it’s an argument that is losing ground as more and more internet users find their computers are compromised by malvertising.

According to security firm MalwareBytes, the latest high profile site to be found spreading malware to its visitors via dodgy ads is MSN.

Sign up to our free newsletter.
Security news, advice, and tips.

As researcher Jerome Segura reports, the attack appears to have been primarily focused on German users – posing as an ad for the cheap-and-cheerful supermarket chain Lidl.

MSN malvertising

Segura says that he saw the malicious ads serving up the RIG and Neutrino exploit kits in their attempt to infect vulnerable surfing computers with malware.

I can’t help but feel a little bit sorry for MSN. It didn’t put the advert on its site, it simply displayed an ad provided by a third party advertising network (AdSpirit). But this isn’t the first time that MSN has served up malicious ads.

If AdSpirit hasn’t found a way to ensure that any ads it delivers to clients like MSN are unpolluted, then maybe they should put their thinking caps on or get out of the advertising business.

And if MSN doesn’t have contracts in place with hefty penalties for any advertising network which puts its website visitors at risk then clearly they need to think long and hard about that too.

But it’s the users who I feel most sympathy for. They should be able to feel safe browsing a popular website like MSN, and not have to worry that malicious code might be surreptitiously trying to infect their PCs.

One thing I do know. If you had an ad blocker running on your web browser, you probably would never have had the malicious ad rendered in your browser, and that would mean that your computer wouldn’t have been at risk of infection.

Frankly, I tell everyone I know to run an ad blocker. I realise its sucks for websites that try to generate revenue for advertising, but my sympathy disappears when there’s such a big problem of poisoned adverts.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

8 comments on “MSN home page spreads malware via malicious ad”

  1. Ants

    Rolled out Adblock Plus to the company 2 weeks ago.

  2. coyote

    Big surprise.

    Actually the only thing that comes close to a surprise (but more like baffling) is why these organisations haven't gotten a clue yet; worse is they only care about a profit – and even whine (and try to find a workaround for the users workarounds) about the workarounds for their own blunders. That is why I don't feel any sympathy to their cause; if they don't respect the website viewers they don't deserve the profit from adverts being displayed on their website (I'd go so far as to say any organisation that doesn't respect their customers/users don't deserve anything at all except perhaps contempt and a bad reputation). Sure it isn't their fault in one sense (they didn't choose this advert) but it is in another sense and I'm afraid that is the sense that matters. This is besides the obnoxious ads that have sound, pop-up, and I don't know what else (because I go beyond blocking ads and block scripts). You can't reasonably say that the users should go elsewhere because of iframes and the cross-site scripts etc. make it rather impossible to simply avoid the offenders.

    They bring it on to themselves and until they figure this out and solve the problem, this will happen. By which time the users won't trust (wise decision) the claims they are now fixed, so even if the problem could be permanently eradicated I imagine many would still have ads blocked (never mind sexual [i.e. porn], potentially unethical or illegal websites that have these problems). I know I would still block scripts and ads.

  3. Simon

    I don't know what's more illicit, malvertising to those who still use MSN…

    Jokes aside, agreements should be mandated for liabilities and the ad-provider held accountable for supplying inappropriate content.

    It's damaging to your brand, reputation while the vendor and crims profits.

  4. David L

    The former CEO of Firefox, has just developed a new browser,version 0.7, up at GitHub, named Brave. It is based on Chromium,and has ad blocking built-in as default operation. It has a little ways to go before it's complete,as no bookmarks,or history yet.

    Now,as for Android, there are now several options for ad blocking browsers. Firefox has the most options because it's the only one with add-ons or blocking extensions. However, Ghostery and Adblock Plus have standalone browsers now in playstore. There are other offerings, but it is a growing trend.

    Also, Adblock Plus was "blocked" from attending an ad industry conference recently. Go figure. Guess the industry is not interested in playing nice,and has some new secret weapons they will likely be discussing.

  5. Michael W

    Good advice, except that lately I have been coming across sites that tell you that you MUST disable the ad blocker or else you cannot see the page contents. Of course, we all have the right to simply decline and move on and feel that the page is the poorer for us not being able to visit/read. But if I really want to see the content then I am held hostage and have to disable my ad blocker at least temporarily.

  6. drsolly

    I had that with a site I used to visit. I declined, moved on, and also sent their management an email explaining exactly why I block ads.

  7. Neon

    Well it's January 2019 and the problem with "Malware" ads from MSN is still around. I just had a web page from loaded. Which is apparently from a news page linked to on MSN's home page. The rouge page claimed:

    Your Windows system is damaged, all system files are automatically deleted. Click on the "Update" button to install the newest software to scan and protect your files from being deleted.

    So who are the real amateurs here. The hackers? Or the people running MSN?

  8. Sylvia

    MSN news pages are getting nasty. My antivirus is working overtime securing threats, not when I click on any ads there, but just generally when I'm browsing news item pages. It seems like a re-direct, which happens very fast, from an MSN page to another.
    Run smart scans, done my cleaning, disabled things, yet it's still happening ONLY on the MSN site. The rest of my PC is malware-free and fine. I can only conclude it's MSN who are at fault

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.