FT.com caught powering illegal hacking sites via Infinityads

Brian Turner

July 6, 2012

Properties such as FT.com are being heavily advertised on websites known to be used by hackers to profit from their activities.

The hackers inject a redirect into the JavaScript files of an unsuspecting website, so that any traffic arriving at that website from Google and other search engines is redirected to one of their advertising properties.

In this instance, the advertising property is 123url.info, a domain known for years to be used by these hackers to profit from their activity.

The ads on the site at present are supplied by Infinityads.com, a property owned by Yesup commerce, and are prominently displaying advertising for FT.com.

The result is that ordinary internet users arriving from Google are redirected from legitimate sites that have been hacked to 123url.info, and are then shown a full-page pop-up advertising FT.com.

Insidiously, the website owners may not even be aware that they have been hacked.

Not only does the hack attack leave such sites performing normally for users going directly to the site, but it also drops a cookie on any user clicking through Google’s results, so that the redirect will only happen the once.
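A webmaster can look for this pattern by scanning the site's JavaScript files for the three behaviours described above occurring together: a search-engine referrer check, a cookie gate and a navigation. The following Python sketch is an added example, not code from the original article; the signal names, both sample scripts and the hosts `forum.example.org` and `redirect.example.invalid` are constructed for illustration, and a match is a heuristic that calls for manual review of the file.

```python
import re

# Heuristic signals for the behaviour the article describes.
SIGNALS = {
    # Script inspects the referrer and names a search engine near it.
    "referrer_check": re.compile(
        r"document\.referrer[^;{}]*?(google|bing|yahoo)"
        r"|(google|bing|yahoo)[^;{}]*?document\.referrer", re.I),
    # Script touches cookies (used so the redirect fires only once).
    "cookie_gate": re.compile(r"document\.cookie", re.I),
    # Script assigns to location or calls location.replace/assign.
    "navigation": re.compile(
        r"(window\.|document\.|top\.|self\.)?location(\.href)?\s*=[^=]"
        r"|location\.(replace|assign)\s*\(", re.I),
}

def scan_js(source):
    """Return the sorted names of the signals found in one JavaScript source."""
    return sorted(name for name, rx in SIGNALS.items() if rx.search(source))

def is_suspicious(source):
    """Flag a file only when all three behaviours co-occur in it."""
    return len(scan_js(source)) == len(SIGNALS)

def external_hosts(source, own_host):
    """List hosts in absolute URLs that are not the site or its subdomains."""
    hosts = {h.lower() for h in re.findall(r"https?://([a-z0-9.-]+)", source, re.I)}
    return sorted(h for h in hosts
                  if h != own_host and not h.endswith("." + own_host))

# Constructed sample: an ordinary site script with a legitimate cookie check.
CLEAN_JS = '''
if (document.cookie.indexOf("session=") === -1) {
  window.location.href = "/login";
}
'''

# Constructed sample: the same file with a conditional redirect appended.
INFECTED_JS = CLEAN_JS + '''
if (/google|bing|yahoo/i.test(document.referrer) &&
    document.cookie.indexOf("seen=1") === -1) {
  document.cookie = "seen=1; path=/";
  window.location.href = "http://redirect.example.invalid/12345";
}
'''

if __name__ == "__main__":
    for name, src in (("clean.js", CLEAN_JS), ("infected.js", INFECTED_JS)):
        print(name, scan_js(src), is_suspicious(src),
              external_hosts(src, "forum.example.org"))
```

The clean sample shows why the signals are combined: cookie access and a same-site navigation are common in legitimate scripts, so neither is flagged alone.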

An example URL (may not be safe) is: http://url123.info/55489931

This sort of hacking attack was found still in use yesterday, on forums such as sffchronicles.co.uk and homemove.co.uk.

While this sort of attack has been affecting webmasters for a number of years, the surprise is that Yesup do now appear to be publicly aware that they are funding hackers.

Even more surprising is that media buyers do not appear to be aware of where their adverts are going, or that they are helping those who profit from hacking into other websites.

Attempts to contact both Yesup and FT.com have resulted in no reply so far.


  David says:

    Well written!
    url123.info is a pest

