According to a recent Ars Technica
article, two CMA Communications customers have reported banner ads being injected directly into webpages on popular websites, and they are blaming the ISP.
Earlier this year, Robert Silvie and Zachary Henkel noticed banner ads running along the bottom of pages belonging to companies like Apple, Walmart, Target, Bing and eBay. Both Silvie and Henkel were using Internet service provider CMA Communications when they spotted the suspicious banner ads.
Knowing that Bing didn’t run commodity banner ads at the bottom of its home page, Silvie first thought it was the result of a malware infection.
Screen capture of banner ad on Bing.com from zmhenkel.blogspot.com
Henkel, a computer science PhD student, was browsing Apple.com on his MacBook Pro when he noticed an H&R Block display ad running along the bottom of the site. Writing about the experience on his person blog, Henkel feared, “…that either Apple had entered in to the worst cross-promotional deal ever, or my computer was infected with some type of malware. Unfortunately, I would soon discover there was a third possibility, something much worse.”
Screen capture of banner ad on Apple.com from zmhenkel.blogspot.com
Thinking his MacBook Pro was infected, Henkel immediately checked other devices on the same Internet connection. All rendered the same styled bottom of page banner ads. According to his blog, Henkel conducted a number of investigations to determine the source of the banner ads. He discovered that Web requests were being sent through a Squid proxy server run by a R66T, where extra ad code was being input.
Silvie, having a similar reaction to Henkel, used Fiddle, a traffic inspection application, which helped him identify that websites not served up over an encrypted HTTPS included banner ads that appeared to be coming from R66T.com.
The Ars Technica article cites that R66T defines itself as a publisher of targeted content, information and advertising for private Wi-Fi and high-speed Internet access networks that support place which often provides free access in exchange for displaying local ads; but, both Silvie and Henkel were seeing the banner ads from a paid Internet connection.
When Silvie and Henkel blocked access to R66T domains, the ads stopped. Suspecting CMA Communications had partnered with R66T, Henkel filed a complaint with the Federal Communications Commission (FCC) on March 19, but was told that the issue did not fall under the FCC’s jurisdiction, and to contact the Federal Trade Commission.
At the time of Ars Technica’s story, neither CMA nor R66T had given any specific response to the whether or not the banner ads were the result of a partnership between the two companies.
(tip Ars Technica)
Comments