For the past several days we've been battling against a hacker (or more likely "hackers") who managed to compromise our ad server. The attack is part of a sophisticated series of attacks that have compromised Web sites all over the world.
What we know about the attack on our server: The hacker inserts code that piggybacks on ads being delivered through the site that asks some users to install Java.
We've received several complaints from people who either avoided installing the virus or clicked the wrong button and had the virus installed on their system.
Nearly every day since last Thursday, we've been deleting malicious code from the ad server only to have it reappear overnight, until today, when it would reappear as soon as we removed it. It was at that point we shut down the ad server.
We expect to have a new ad server up and running by this time tomorrow (knock on wood).
The only computer systems at risk were those running Internet Explorer on Windows. Mac users have not been attacked. Windows users running Chrome or Firefox for their Web browser have not been affected. People using mobile devices -- iPhones, iPads, Droid phones and tablets -- were not at risk from this exploit.
And even then, not all Internet Explorer users on Windows have been attacked. I've been to one office where only one out of six machines have been seen the Java install pop-up. I've been to another office where more than half of the computer users saw the install popup and either clicked the "OK" or "Cancel" button and were infected (if you see any kind of pop-up while visiting any Web site, do not click any buttons. Click the little red X in the upper right corner). (NOTE: The process I describe here is how I've closed the pop up on a Windows laptop I own. It has not been infected. A local IT person suggests this is bad advice and said it's better to use Task Manager to kill the process rather, as TP Hunt describes in comments.)
I spoke with one person today who hadn't visited The Batavian but still was infected by a malicious virus.
This is a very sophisticated attack on ad servers that has affected as many as 20,000 Web sites, including the Los Angeles Times, according to this article.
The article above says experts have been unable to determine how servers are being compromised. We've patched at least four discovered vulnerabilities but none have proven to be the ultimate solution.
For a couple of months, we've been planning to change ad servers anyway. There's a company that offers great ad hosting service with additional functionality for advertisers and I've wanted to make the switch. The events of the past several days are forcing us to do it now rather than later and in a less orderly fashion than I would like, but hopefully by this time tomorrow, we will have the ads back on the site in a safe environment.
Some advice for your Web surfing:
Never click on a pop-up button on a Web site that you are not 100 percent sure is a legitimate pop-up from that Web site.
All browsers and operating systems are subject potential viruses, but if you must use Windows, download, install and regularly use Chrome or Firefox. These browsers are less likely to be targeted and are not as directly linked to your operating system as Internet Explorer.
On Windows especially, keep your anti-virus software up to date (some cynics believe it's the anti-virus companies who write viruses so that people will buy their software).
Keep your system software up to date with the latest patches.
If you believe your computer has been compromised, visit a local computer shop and have your system checked.
Regarding e-mail: never click a link that looks suspicious. Often times people get e-mails from somebody they know that says something like, "check this out," but that person you're getting the e-mail from has been hacked and that link in that e-mail will deliver a virus to your computer.
Hacker: The common layperson's term for somebody who breaks into computers and Web servers. The more precise term is "cracker," because the correct definition of hacker is anybody who writes computer code.
Java: A computer programming language used on all computers to help some pieces of software run. If you run your regular system updates on Windows or Mac, you will receive these updates from Microsoft or Apple and any other request for updates should be viewed as malicious.
Web browser: What you used to look at a Web page. Common ones are Internet Explorer, Firefox, Chrome and Opera. We recommend either Chrome or Firefox.
Server: A computer sitting at a remote location that contains all of the data and files that make up Web site.
Ad server: A server with the specific task of managing ad inventory and ensuring the correct ads are delivered to the proper location on a Web page.
Advertisers who have questions can contact me at (585) 250-4118.
UPDATE: Upon further examination by the IT department of the new ad server company, it appears we will be without ad serving capability until Friday morning.