NEWS FROM THE LAB - Tuesday, September 21, 2010

1 Ad Service Compromised, 1 Country's Users Annoyed Posted by Alia @ 04:06 GMT

On September 19th and 20th, over 600 sites, mainly in Malaysia and Indonesia, were temporarily listed by Google as potentially harmful*. The roll call of sites affected include many of Malaysia's major online media sites, including TheStar, Malaysiakini, Berita Harian and the Malaysian Insider.

Firefox warning

The issue was traced to ads unintentionally served on the affected sites by a third party ad provider, which were pointing to malware sites. The ad service has since announced that the offending material has been removed and that Google has reviewed their site. Most major websites affected also appear to have been cleaned.

Actually, compromised ad servers (and their knock-on effect on associate websites) are nothing new. What is interesting to note in this case is the disproportionate affect it had on an entire country's online community.

It's hard to imagine this incident occurring in Finland, the US or the UK. In those mature online markets, the level of computer security is generally higher; and there are more ad services, reducing the impact a compromised ad service might have.

But not all countries enjoy those advantages. That's especially true of countries only just coming online, who are still growing their online population and developing an online market.

In Malaysia's case, the attack was something of a perfect storm. Malaysia has a relatively small online population of approximately 17 million users; these users depend on a small handful of high-traffic local sites; these sites coincidentally shared the same third-party ad service.

Once that ad service was compromised, it was like throwing a big stone into a small pond — the ripples spread far and wide. In this case, it really didn't take much to inconvenience an entire country's online population.


* An article on joshuaongys.com gives a summary of this incident.

Hat tip to Choon Hong for his analysis.