Google Blocks High Profile Sites After Advertising Provider NetSeer is Hacked

Google Chrome users, among others, couldn’t access some of the most popular Web sites Monday after an advertising network’s corporate Web site was injected with malware. But, according to the ad company’s chief executive, those sites were safe.Those who called up sites such as The Huffington Post, New York Times, Los Angeles Times, Washington Post and many other media sites, among others, were greeted with a warning that the sites contained malware.

Google NetseerGoogle Chrome users, among others, couldn’t access some of the most popular Web sites Monday after an advertising network’s corporate Web site was injected with malware. But, according to the ad company’s chief executive, those sites were safe.

Those who called up sites such as The Huffington Post, New York Times, Los Angeles Times, Washington Post and many other media sites, among others, were greeted with a warning that the sites contained malware. An example of a warning: “Content from cm.netseer.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.” Another warned that the virus peddler was images.buddytv.com.

In both cases, the culprit turned out to be the Santa Clara, Calif. startup Netseer, an advertising provider with a considerable global digital footprint.

“Early this morning we received alerts that our 3rd party hosted corporate website (netseer.com) was hacked and infected with malware. Consequently, Google added our domain to the list of malware affected websites and Chrome and some other browsers started blocking any sites that had ‘netseer.com’ code,” according to a letter from the CEO on the company’s homepage.  

“Our ad serving infrastructure is completely different from the corporate website but shares the same domain (netseer.com). So although the malware never impacted the ad serving all our ad serving partners saw Chrome and other browsers flagging malware warnings to users. To reiterate, the malware was never served into ad serving stream and the browser behavior was completely due to ad serving and the corporate website sharing the same domain name.”

The company said Google had removed the site from its malware impacted site list by 9:30 a.m. Pacific time, but users continued to report blocked sites hours throughtout the day.

According to various news reports, Internet Explorer users had no trouble accessing the impacted sites with that browser.

 

Suggested articles

Discussion

  • Jumex on

    According to DNS records, their web site and ad serving infrastracture don't seem as "completely different" as the company's CEO suggests. Meaning that the remote access the hackers gained to their wen site could lead to compromise of their ad-serving platform, and that means future malware spread through web sites serving Netseer ads.

    Every large web site operator should consider this when using 3rd party ad-serving services.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.