双语新闻:网络广告销售混乱 电脑病毒乘虚而入

Web Ad Sales Open Door To Viruses

On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site's advertising system had been hacked.

A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in the online advertising, with its numerous middlemen and resellers. Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales.

Viruses can be incorporated directly within an ad, so that simply clicking on the ad or visiting the site can infect a computer, or ads can be used to direct users to a nefarious Web site that aims to steal passwords or identities. In most cases, the problem becomes apparent within a matter of hours and quick fixes are put in place, but that's not fast enough for Internet surfers whose computers end up infected or compromised.

'The system is only as safe as its least secure members, and some of these members can be strikingly insecure,' says Ben Edelman, an assistant professor at Harvard Business School who researches Web security issues.

, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for LaCoste, the shirt maker. The retailer hadn't placed the ad -- a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis.

Similar attacks occurred across a series of News Corp.-owned sites in February, including , and . In January, clicking on an ad on Major League Baseball's led visitors to a site with malware.

Digital Spy, Ziff Davis, Fox and MLB all say that immediately after they detected the incidents, they isolated the ads and removed them from their sites.

Digital Spy sells the ad space on its forums section, visited by three million unique visitors a month, through a number of other companies, called ad networks. If one ad network doesn't sell the space to a marketer directly, it often will sell it to another network. The space also can be outsourced to ad exchanges, another set of companies, which hold an electronic auction for online ads.

'As that chain gets longer, it becomes more and more difficult to vet the ads to make sure there are no viruses in them,' says James Welsh, co-founder of Digital Spy, owned by Hachette Filipacchi. 'There was a lack of scrupulous checking somewhere along that line, and an attacker seized upon this and used it as a route to inject some very nasty malware onto our site.'

'Hackers are like any other criminal out there. They look for opportunities where there is the largest number of people gathered, because they will get the best return on their efforts,' says Hemanshu Nigam, who oversees safety, security and privacy for News Corp.'s online properties, including MySpace. News Corp. also owns Dow Jones, publisher of The Wall Street Journal.

Web publishers say they have started limiting the number of companies they outsource their ad selling to and are working with security vendors, such as San Francisco-based ClickFacts, to detect malicious software on their networks and remove it as quickly as possible.

Ad technology companies and Internet companies say they, too, are making efforts to boost the security of their systems. Microsoft, Google and Time Warner's AOL say they use a series of technical and manual procedures to scan for malicious code in their systems.

AOL says that in addition to digital virus scans, it employs a team of people to review each of the thousands of Web sites interested in entering its ad network and each of the advertisers that want to run an ad campaign across these sites. Microsoft says it verifies the legitimacy of the companies it does business with and deploys technologies that scan ads and Web sites to mitigate attacks.

'It is an issue that we take very seriously,' says Alex Gounares, corporate vice president of ads and commerce research and development at Microsoft, which operates some of the largest online ad technology systems. 'I don't know if it will ever go away. The world has evildoers.'

Emily Steel

今年5月底的一个周六晚上，访问者只要打开英国娱乐和媒体新闻网站Digital Spy的论坛部分，就会激活一个会自动下载恶意软件的广告。原因是网站的广告系统此前被黑客攻击了。

今年已经发生了多起此类网络攻击事件，攻击者利用了网络广告销售的复杂结构，以及为数众多的广告中间商和分销商。网络安全专家表示，由于经济形势黯淡，发行商为了提高广告收入将更多的广告空间销售外包，专家们已经发现内嵌恶意软件的广告数量有所增加。

由于广告可以直接内嵌病毒，因此单是点击广告或是访问网站就可以令电脑受到感染，或者通过广告引导用户进入一个意在盗取密码或ID的恶意网站。在大多数情况下，问题会在几个小时就被发现，然后迅速得到解决，但对电脑中毒或受到影响的网民来说，这个解决速度还不够快。

哈佛商学院研究网络安全问题的助理教授艾德尔曼(Ben Edelman)说，广告系统非常不安全，一些成员容易遭受攻击的程度令人吃惊。

Ziff Davis Enterprise旗下的科技新闻网站今年2月份在主页上显示了一则广告，似乎是为服装品牌LaCoste做广告。但Ziff Davis的社区和内容主管威尔曼(Ziff Davis)说，这则广告实际上并不是该网站发布的，而是一名黑客所为；这则广告会将用户引导到一个恶意网站，向用户的电脑下载有害软件。

新闻集团(News Corp.)旗下的一系列网站2月份频频遭受类似的攻击，包括了、福克斯新闻网()以及。今年1月份，美国职棒大联盟网站上面出现了一则广告，访问者点击之后就会被带到一个恶意软件网站。

Digital Spy、Ziff Davis、福克斯以及MLB均表示，他们发现问题之后就立即隔离了广告，并从网站上将它们删除了。

Digital Spy通过诸多被称为广告网络的其他公司在论坛上销售广告空间，论坛每个月有300万访问者。如果一个广告网络没有将空间直接卖给一家推广商，那么通常就会卖给另外一个网络。广告空间还可以外包给另外一系列公司，对网络广告进行电子拍卖。

Digital Spy创始人之一威尔斯(James Welsh)说，随着这个链条变得更长，检测广告是否有病毒也变得越来越难。Digital Spy 是 Hachette Filipacchi 旗下的一家公司。威尔斯说，这个过程中缺乏谨慎检测，黑客抓住了这一点，并以此为路径将一些非常讨厌的恶意软件嵌入到了我们网站。

负责为新闻集团旗下MySpace等网站监控安全和隐私问题的尼甘(Hemanshu Nigam)表示，黑客们就象犯罪分子。他们在人群最为密集的地方寻找作案机会，因为这样就可以获取最大的回报。新闻集团是《华尔街日报》发行商道琼斯公司(Dow Jones)的母公司。

网站发行商表示，他们已经开始限制外包广告销售的公司数量，并正在与旧金山ClickFacts等安全维护公司合作，对网站进行恶意软件检测，一旦发现就尽快删除。

广告技术公司和网络公司表示，他们也在努力提高自己系统的安全性。微软(Microsoft)、谷歌(Google)和时代华纳(Time Warner)旗下美国在线(AOL)表示，他们使用了一系列技术和人工程序，在自己的系统里搜索恶意代码。

美国在线表示，除了进行数字病毒扫描，他们还雇佣了一队人马对有意进入其广告网络的数千个网站、希望在这些网站上打广告的每个广告商进行逐一评估。微软表示，会对和微软打交道的每家公司进行合法性验证，微软还借助技术对广告和网站进行扫描以减少攻击事件。

微软负责广告和商业研究与开发的企业副总裁古纳里斯(Alex Gounares)说，我们非常重视这个问题。我不知道这个麻烦问题是否会得到解决，这个世界总有作奸范科的人。微软运营着一些全球最大的网络和技术系统。

Emily Steel