Wacko finance.yahoo.com/mediaplex.com BMW Ad
Posted by Scott Laird Mon, 09 May 2005 20:07:49 GMT
A co-worker alerted me to a possible spyware problem on his Mac this morning–anytime he went to finance.yahoo.com, all of the ‘e’s in the body text of the page were replaced with ‘3’s linked to one of mediaplex.com’s ad servers. He was concerned that some nasty bit of spyware was infesting his Mac; today’s big Firefox security issues made him a bit nervous.
I couldn’t easily reproduce this on my Mac, so we went through his Firefox configs and couldn’t find anything out of the ordinary. Then we took a look at the source code for the page and saw this (sorry about the long lines; they’re that way in the original):
<style xmlns="" type="text/css">
@import url("http://us.js1.yimg.com/us.yimg.com/lib/hdr/ygma.css");
</style></head><body><!-- <script>function yfi_scraper(){var url='http://us.ard.yahoo.com/SIG=1247e20ui/M=342581.6409333.7385346.1829737/D=fin/S=7037371:FAD/EXP=1115674357/A=2709560/R=0/SIG=12auoe33c/*http://adfarm.mediaplex.com/ad/ck/1433-28823-1039-3?mpt=1115667157014528',tg=document.getElementsByTagName('b');for(var i=0;i<tg.length;i++){var el=tg[i];if(el.className=='e0'||el.className=='e1'||el.className=='e2'||el.className=='e3'){var st=el.innerHTML;var ct=new Array();for(var j=0;j<st.length;j++){var ch=st.substring(j,j+1);if(ch.toLowerCase()=='e'){ch='<a href="'+url+'">3</a>';}ct[ct.length]=ch;el.innerHTML=ct.join('');}}}}if(document.all&&document.getElementById)setTimeout(yfi_scraper,4500);</script>--><script xmlns="" type="text/javascript">
The long Javascript line is what causes the problem–it replaces all of the ‘e’s with ‘3’s linked to an advertising site, but not until a timeout has expired. So, either Yahoo put this there on purpose, or someone attached to one of their ad providers has the ability to stick random Javascript into their pages.
At this point, we finally decided to click on one of the ‘3’ links and found an ad for the new BMW 3-series cars. Suddenly the whole thing makes sense–it’s a weird advertising campaign for BMW.
I’m kind of amazed by this–Yahoo is willing to let advertisers deface Yahoo’s websites? I find this really repugnant.
Update: A lot of people have already noticed this, including The Motley Fool, Adjab.com, and Two Four One. I suspect that Technorati will have a lot of other comments shortly.
There’s a link under the 3-series ad on the front page that allows you to leave feedback about the ad. I certainly let them know what I felt.
-tim
Fire up your Zone Alarm and you’ll see this more and more at all major online sites. It’s just the next step in delivering “content rich” advertising as we all get over-saturated with traditional advertising (i.e. we all just ignore those banner ads and Google ads for the most part).