It has emerged that attackers have succeeded in tricking at least two major advertisement networks into unknowingly distributing drive-by malware. By masquerading as the legitimate company AdShuffle, the attackers registered AdShufffle.com (Note the triple "f" in the latter) and managed to run malware infested advertisements on DoubleClick and MSN. The perpetrators attempted to exploit vulnerabilities that are already patched, running the gamut from known security flaws in Internet Explorer, Java and Adobe (NASDAQ: ADBE) Reader.

Infosecurity has the low-down of what happened, and it appears that the attempts came to light when VeriSign Trust Services (now part of Symantec), registered a number of infections on a number of prominent websites as part of its daily Trust Seal malware scans. The scope of the damage was unknown, though it is worth noting that the broad reach of these two major ad networks means that literally millions of users per day could have been exposed. One thing that I know for sure: Other attackers are no doubt attempting similar tricks on the other ad networks as well.

For more on this story:
- check out this article at Ars Technica
- check out this article at Infosecurity
- check out this article at Network World

Related Articles:
McAfee: Malware at all-time high 
Stuxnet: Evidence points to Iran centrifuges as target 
Building leper colonies for infected computers 
Symantec: Retailers hit hard by malicious email