The virus was being unknowingly distributed by over 70 Right Media ad servers, which ScanSafe estimates delivered up to 12 million infected ads in recent weeks. Myspace, Bebo, Photobucket and The Sun were among the sites carrying virus-laden ads.
The virus could infect unsecured machines without any action from the user other than browsing to a page carrying the affected ads. “The infected placements delivered a Flash file generating an invisible ‘iFrame’, which prompted the download of a Trojan executable file.”
Right Media does take steps to prevent malicious ads from making it into circulation. ScanSafe, the Web security firm that reported the attack, suggested that the ads were cloaked so that security scanning servers were served benign versions of them.
The virus in question, Trojan-Downloader.VBS.Agent, can download other malicious files, including executable files, to the affected computer.