Hackers Can Now Deliver Viruses via Web Ads

Web ads are becoming a delivery system of choice for hackers seeking to distribute viruses over the Internet.

In a development that could threaten the explosive growth of online advertising, hackers have started to exploit security holes in the online-advertising chain to slip viruses into ads. Just going to a site that shows such an ad can infect a user's computer.

In May, a virus in a banner ad on tomshardware.com automatically switched visitors to a Web site that downloaded "malware" -- malicious software designed to attack a computer -- onto the visitor's computer. ScanSafe Inc., one of the first security firms to discover the virus, estimates the banner ad was on the site for at least 24 hours and infected 50,000 to 100,000 computers before Tom's Hardware removed it.

After the incident, Tom's Hardware's parent, TG Publishing, was acquired by BestofMedia Group. The company says it won't discuss what may have happened under prior management. But a person familiar with the situation says that Tom's Hardware was unaware of the threat and that ads on the site were supplied by an outside server and likely appeared on a number of other Web sites as well. Users of an online forum hosted on the Tom's site discussed the case, with some people noting that their antivirus software had protected their computers and others lamenting that a virus had been downloaded onto theirs.