A co-worker alerted me to a possible spyware problem on his Mac this morning–anytime he went to finance.yahoo.com, all of the ‘e’s in the body text of the page were replaced with ‘3’s linked to one of mediaplex.com’s ad servers. He was concerned that some nasty bit of spyware was infesting his Mac; today’s big Firefox security issues made him a bit nervous.
I couldn’t easily reproduce this on my Mac, so we went through his Firefox configs and couldn’t find anything out of the ordinary. Then we took a look at the source code for the page and saw this (sorry about the long lines; they’re that way in the original):
At this point, we finally decided to click on one of the ‘3’ links and found an ad for the new BMW 3-series cars. Suddenly the whole thing makes sense–it’s a weird advertising campaign for BMW.
I’m kind of amazed by this–Yahoo is willing to let advertisers deface Yahoo’s websites? I find this really repugnant.