One of our readers, Walter, wrote to us today with a request to owners of websites: please block any third-party advertisements that contain scripts or any form of mobile code. Why? Well, consider this scenario: 1) Sleazy vendor (or rogue affiliate) "rents" compromised home computers from a bot-farmer This is not a new problem. We covered cases like this in the past where an entire ad server gets compromised and the advertisements it is generating contain malware that gets injected via an iframe. The correct solution is to only accept images from advertisers that are linked to another website, and no mobile code. You clearly can't control what happens on that web site, but at least no mobile code is injected into your user's browsers just because they visited you. UPDATE: Marcus H. Sachs |
Marcus 301 Posts ISC Handler Jun 23rd 2007 |
Thread locked Subscribe |
Jun 23rd 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!