Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to malware being distributed through online ads has happened again at DoubleClick, which is a Google-owned ad technology company. In 2007, DoubleClick was caught serving malware through an ad, causing pop-up warnings to appear on users' desktops [54193].
(b) The incident of malware being distributed through online ads has also occurred at other organizations. In this case, the malicious advertisement originated from a bogus advertising agency called AdShufffle and appeared on sites like Runnersworld.com and OrganicGardening.com, which are published by Rodale Inc. [54193]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article can be attributed to the design phase. The incident occurred due to the malicious advertisement being distributed through DoubleClick's ad technology, exploiting vulnerabilities in users' browsers and PDF plug-ins to install malware on their computers [54193].
(b) The software failure incident can also be linked to the operation phase. Users were infected with malware simply by visiting a website where the infected banner ad was displayed, without having to click on the ad. This indicates a failure in the operation of the system, as users were unintentionally exposed to the malware through the normal operation of browsing websites [54193]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident involving DoubleClick distributing malware through online ads was due to vulnerabilities in the system that allowed malicious JavaScript to be inserted into legitimate banner ads. This malicious code exploited the user's browser through vulnerabilities, leading to the installation of the "hdd plus" software on users' computers. Additionally, a backdoor was installed on infected machines, although its exact purpose was still being investigated by researchers [54193].
(b) outside_system: The software failure incident was triggered by external factors, specifically the actions of malicious actors who created a fake advertising agency called AdShufffle to distribute the infected banner ad. Users were infected simply by visiting websites where the malicious ad was displayed, without needing to click on the ad. This external threat actor exploited vulnerabilities within the system to deliver the malware to unsuspecting users [54193]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in Article 54193 occurred due to non-human actions. Specifically, the failure was caused by malware being distributed through online ads served by DoubleClick. The malware infected users who visited websites where the infected banner ad was displayed, without the users having to click on the ad. The malware was installed as a drive-by download, exploiting vulnerabilities in users' browsers and PDF plug-ins. The malicious ad originated from a bogus advertising agency and was detected by an automated program called Hack Alert [54193].
(b) Human actions were also involved in this software failure incident. The attackers behind the malicious ad copied a legitimate banner ad and inserted JavaScript that exploited the user's browser through vulnerabilities. Additionally, the attackers tried to deceive users by displaying fake Windows warning messages prompting them to purchase a security program. The incident also involved the actions of security researchers like Wayne Huang, CTO of Armorize, who discovered the problem and notified DoubleClick, as well as Google's security team that detected and blocked malware through its DoubleClick Ad Exchange filter [54193]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident in the article is primarily related to software vulnerabilities rather than hardware issues. The incident involved malware being distributed through online ads served by DoubleClick, exploiting users' browsers through software vulnerabilities such as unpatched vulnerabilities and Adobe exploits. The malware was installed on users' computers without their interaction, indicating a software-related attack rather than a hardware-related failure [54193].
(b) The software failure incident in the article is attributed to software vulnerabilities and malicious code inserted into legitimate banner ads. The malware, named "hdd plus," was installed on users' computers through JavaScript exploits and Adobe vulnerabilities, indicating a software-related failure [54193]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. The incident involved the distribution of malware through online ads served by DoubleClick, a Google-owned ad technology. The malware was designed to infect users' computers without their interaction, exploiting vulnerabilities in the users' browsers and PDF plug-ins. The malware installation process included displaying fake Windows warning messages to deceive users into purchasing a fake security program. Additionally, a backdoor was installed on infected machines, although its specific functionality was still being investigated at the time of the report [54193]. |
Intent (Poor/Accidental Decisions) |
unknown |
(a) The intent of the software failure incident:
- The incident involving DoubleClick distributing malware through online ads was not due to accidental decisions but rather a deliberate act by attackers who exploited vulnerabilities in the system to infect users with malicious software [54193].
- The attackers inserted JavaScript into a legitimate banner ad to exploit users' browsers through vulnerabilities, leading to the installation of malware on users' computers [54193].
- The malware displayed fake Windows warning messages to users, urging them to purchase a security program, indicating a malicious intent behind the software failure incident [54193]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in Article 54193 can be attributed to development incompetence as it involved the distribution of malware through DoubleClick's ad technology. The malware was inserted into a banner ad by exploiting vulnerabilities in users' browsers, leading to the installation of malicious software on users' computers without their interaction. This incident highlights a lack of professional competence in ensuring the security and integrity of the ad-serving platform, ultimately resulting in the dissemination of harmful software [54193].
(b) Additionally, the incident can also be categorized as accidental, as it was not intentional for DoubleClick to serve malware through its ad technology. The malware infection was detected by security researchers who notified DoubleClick about the issue, indicating that the distribution of malware was not a deliberate action by the company. The accidental nature of the incident is further emphasized by Google's response, where they acknowledged the malware detection and took immediate action to block the malicious creatives from being served through their system [54193]. |
Duration |
temporary |
(a) The software failure incident described in the article is more likely temporary than permanent. The incident involved the distribution of malware through online ads served by DoubleClick, affecting users who visited websites displaying the infected banner ad. The malware was installed as a drive-by download without the need for users to click on the ad. The malicious ad exploited vulnerabilities in users' browsers and PDF plug-ins to install the "hdd plus" software on their computers, prompting fake Windows warning messages to deceive users into purchasing a security program. Google, the owner of DoubleClick, acknowledged the issue and detected malware through its DoubleClick Ad Exchange filter, blocking the malicious creatives instantly. The incident was detected by Armorize's Hack Alert program, which scans websites for malicious activity. The malware was not detected by most anti-virus products, indicating a temporary failure in the detection and prevention mechanisms of those products [54193]. |
Behaviour |
crash, value, other |
(a) crash: The software failure incident in the article can be categorized as a crash. The malware distributed through DoubleClick's ad technology caused users' machines to be infected, leading to a fake Windows warning message appearing on the screen, indicating malware presence and prompting the user to purchase a security program. This behavior can be considered a system crash as it results in the system losing its state and not performing its intended functions [54193].
(b) omission: The incident does not specifically mention a failure due to the system omitting to perform its intended functions at one or more instances.
(c) timing: The incident does not involve a failure due to the system performing its intended functions correctly but too late or too early.
(d) value: The software failure incident can be associated with a failure due to the system performing its intended functions incorrectly. The malware installed on users' computers by the malicious ad caused the system to display fake Windows warning messages and prompt users to purchase a security program, indicating incorrect behavior [54193].
(e) byzantine: The incident does not exhibit a failure due to the system behaving erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident can also be described as a security vulnerability exploit. The attackers exploited vulnerabilities in users' browsers through the malicious ad, leading to the installation of malware on users' computers. This behavior highlights a security flaw in the system that was exploited by the attackers [54193]. |