Suspicious hidden Google ad code detected

[polonus]

Hi malware fighters,

Checking here: confetti.co.uk there was a hidden external link found: http://www.unmaskparasites.com/web-page-options/?url=http%3A//fls.uk.doubleclick.net/activityi%3Bsrc%3D2205006%3Btype%3Dwebsi912%3Bcat%3Dhomep450%3Bord%3D1
Mind you that confetti.co.uk was hacked through some sort of ActiveX attack via obfuscated VBscript. This is another good reason not to use Internet Explorer, as most other browsers do not support ActiveX and are not vulnerable, report from 2008: read the good report and heads-up from Dancho Danchev: http://ddanchev.blogspot.com/2008/05/yet-another-massive-sql-injection.html
No zeroiframes detected!
Check took 1.64 seconds
Going further on the hidden external link:
(Level: 0) Url checked:
http://www.unmaskparasites.com/web-page-options/?url=http%3A//fls.uk.doubleclick.net/activityi%3Bsrc%3D2205006%3Btype%3Dwebsi912%3Bcat%3Dhomep450%3Bord%3D1
Google code detected (Ads, not a cheater)
Zeroiframes detected on this site: 0
No ad codes identified

Others gave a blank page result
When log-in credentials in such a case are being compromised this could lead to malcode injection when the page is requested...

polonus

[Yanto.Chiang]

Hi Polonus,

Nice article and information to share,

Anyway, base with http://www.unmaskparasites.com/web-page-options/?url=http%3A%2F%2Ffls.uk.doubleclick.net%2Factivityi%3Bsrc%25202205006%3Btype%2520websi912%3Bcat%2520homep450%3Bord%25201%23666597214533840616#7393535525957476918

How you can identify it this site was injected with malicious software in there?

cheers,

[polonus]

Hi Yanto.Chiang,

In this case the link is benign, but it has some possibilities to be abused...

polonus