Worst banner ad ever - system doctor takes over the browser

 
 

Worst banner ad ever - system doctor takes over the browser

ARrrggh! Have any of you met that super annoying ad that takes over your browser - even firefox on Mac - and hides all the windows while showing a very serious looking alert that reads:

http://www.systemdoctor.com
NOTICE: If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behaviour, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data loss. Would you like to install SystemDoctor to check your computer for free? (Recommended)
CANCEL / OK

No matter what you do, you'll still have to go to the systemdoctor webpage eventually, cancel doesn't actually cancel. Brave souls who want to see how the ad works might try copy-pasting this link into their browsers.
http://www.systemdoctor.com/download/2006/
?p=19&ax=1&ex=1&ed=2&mpt=&aid=edgerest

(more inside)

The next panel/window appears after clicking either cancel or OK - and tries to freak you out even more, just in case that temporary "hide" of all your browser windows didn't get your attention:

http://www.systemdoctor.com
NOTICE: You have not completed the errors scan. If your computer has errors in file system or Windows registry, it could cause unpredictable or erratic PC behavior, freezes, crashes and loss of data.
You need to install SystemDoctor to scan for, and if found, fix system errors now (Recommended)?
CANCEL / OK

Finally, your browser will hop over to http://www.systemdoctor.com/download/2006/
index.php?aid=edgerest_ed2&lid=keyin&ex=1&p=19&ax=1
while displaying this text:

http://www.systemdoctor.com
SystemDoctor will scan your system for errors now.
Please select "RUN" or "OPEN" when prompted to start the installation.
This file has been digitally signed and indepenently certified as 100% free of viruses, adware and spyware.
OK

Once there you can leave, not install anything and remember to never buy any crap called system doctor in your life. However, some browsers will start an automatic download anyway - throw that crap away! And if you can, change your preferences/settings so that you have to approve each and every download from the web, it's safer that way.

System Doctor brags that it is 100% adware and spyware free, but is classified as adware. McAfee has gone all the way with this thing and shows what happens once it is installed - yeah, it'll ask you for your creditcard details. Yuck.

Meanwhile, if you have Firefox and adblock the advertising host of this ugly ad is adbrite, so in adblock you should block *.adbrite.com/* to ensure never having to go throough this sneaky javascript alert and redirect again. If you happen to be a webmaster who uses adbrite for your ads, consider checking that you never show this one since it'll prevent your visitors from seeing your site and that's probably not what you wanted when you signed up for some extra cash.

Update August 18 2007 Hacking web banner networks sends banner ads from hated to feared

Adland: 

Comments

Thank you for postng this, I've seen that thing and it was not pleasant. Adblock installed now.

What are those applications in your dock? Second and third, right from VLC Media Player. I'm curious. :)

The black square is terminal (you can see it, the green text on black in the background is my terminal, unless that particular window happens to be iTerm. Yeah, I use a lot of terminal programs. I like bare bones.) Bluetooth file exchange - when I'm not fetching my own images from my phone I try and see if I can pick up my neighbours. I can surprisingly often.

I recognized Terminal. :) Bluetooth I didn't know. What's the crate to the right of Bluetooth?

Did you visit a webpage and this "system doctor" ad hijacked your Firefox browser? Is that what happened? If so, that's nasty!

I pasted the link you provided into my browsers, but I just got the annoying "warning" windows. I use Camino, Safari, and Opera browsers. Camino let all the windows open. Safari only allowed one window to open. Opera wouldn't load the page. There was no take over of any of my browsers.

Yeah, I'm not sure I managed to capture the right link - it moves fast! It's a basic javascript that hides all windows, followed by a quick re-direct and more javascripting that throws those scary pop-up alerts all over the place. Really, it's more fraud than ad.
It didn't do the close-thing on my Safari either, just the second and third 'warning', so I probably captured the wrong link (as in, the second link after the first "hijack"), but I only had two links to choose from in my history list, so...

The crate is betterzip. Though I don't know if it's that much better really. ;)

System doctor seem good, I always use spyware doctor, it is an adware and spyware removal utility that detects and cleans, work fine for me, enjoy.

System Doctor is Malware - I can not make it any clearer than that.

Ohoy, seems Discdoctor isn't the only one to figure out this trick, I've now spotted a few other variations on several websites - all which have in common running bright blinking banner ads but I'm not sure if they are all from the same adserver. I've spotted adbrite and blogads on the pages where it happened and I thought it might be one of them (adbrite like I said in the post)..... But then it happened again, and the last time it popped up for me was when I was checking out De Düva: The Dove (1968) on the respectable site IMDB. For the life of me I can't figure out what ad server they are using as it seems rather random. Here's what it looked like - the same dealio with shrinking the web browser to nothing and then telling you to install something goes on. It's really really annoying.

ps, more posts about these nasty banner ads:

Shameful marketing by DriveCleaner at Hackersblog - they suspect Clickz ad banner network for hosting the ad.

The Register: "MSN punts 'scareware' - Rogue banner ads pulled"

In another incident involving rogue software, Microsoft has also apologized after its MSN Groups was caught serving ads hawking SystemDoctor2006, according to APC Mag.

The Microsoft-distributed ads give a veneer of legitimacy to packages that advise surfers they are infected with spyware, whether they are or not, in an attempt to hoodwink users into buying ineffective software.

"We immediately investigated the reports and removed the offending ads, as this is a violation of our ad-serving policy," Microsoft spokeswoman Whitney Burk told IDG.

The incident is the second time adverts for potentially unwanted programs have made their way onto the ad serving networks servicing well-known internet brands over recent weeks. MySpace served up banner ads for AntiVirus Pro and DriveCleaner, other so-called security packages that offer nothing but misery for users, in January.

Spyware installer hides in Messenger ad banner (kinda weird way of describing it but okay)

*sigh* I just got that Drivecleaner "ad" again when trying to read the Adland keeps getting the blame. It's time the finger-waggers ... article at Findarticles.

I can't replicate you results, Dabitch. No sign of that Drivecleaner "ad" anywhere.

It doesn't pop up every time, just once-in-a-while.

I see. It's sneaky and annoying.

Add new comment

Top