
Kyle and Stan Malvertising Network – A New Threat for Windows and Mac Users

Kyle and Stan, a brand new malvertising network, has been affecting Windows and Mac users who visit popular webpages such as amazon.com and youtube.com since May this year. The cybercriminals use Yahoo, Amazon and YouTube domains to infect users with adware, spyware and browser hijackers. Serving malware via online advertisements is a serious and persistent issue on the Web, because advertising networks spread the malware to the users of popular webpages.

The Nature of Kyle and Stan Malvertising Network

The malicious network has been given the name Kyle and Stan because its creators included “kyle” and “stan” in hundreds of their subdomains. So far the network consists of more than 700 domains from 74 popular sites and has created 9 541 connections to potential victims. Because the domains used by the network have a distinct naming pattern, security researchers believe this is only the “tip of the iceberg.” Such a pattern suggests that a large number of domains are registered automatically.

The large number of domains allows the attackers to use a certain domain just for a very short time, burn it and move on to use another one for future attacks. This helps avoid reputation- and blacklist-based security solutions. “All in all we are facing a very robust and well-engineered malware delivery network that won’t be taken down until the minds behind this are identified,” explains Armin Pelkmann from Cisco’s Talos Security Research Team.
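Because the domains are burned quickly, a defender gets more from hunting on the naming pattern than from a static blocklist. The sketch below is an added example, not code from the original article or from Cisco's research: it scans DNS or proxy lookups for “kyle” or “stan” tokens in subdomain labels and reports a keyword only when it appears under several parent domains. The log format, the token regex, the naive two-label parent split, the `min_parents` threshold and all hostnames are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the keyword appears as its own token in a subdomain label
# (e.g. "stan3", "kyle-cdn"), so "standards" or "kazakhstan" do not match.
TOKEN = re.compile(r"(?<![a-z])(kyle|stan)(?![a-z])")

# Constructed sample log: "timestamp client_ip queried_hostname"
SAMPLE_LOG = """\
2014-07-01T10:00:01Z 10.0.0.5 kyle12.adsrv-one.test
2014-07-01T10:00:09Z 10.0.0.7 stan3.adsrv-one.test
2014-07-01T10:02:30Z 10.0.0.5 stan-7.media-two.test
2014-07-01T10:03:11Z 10.0.0.9 img.kyle4.clicks-three.test
2014-07-01T10:04:00Z 10.0.0.9 standards.docs-site.test
2014-07-01T10:05:42Z 10.0.0.7 www.kylesbakery.test
2014-07-01T10:06:15Z 10.0.0.5 cdn.video-site.test
"""

def split_host(host):
    """Return (subdomain labels, parent domain); naive last-two-labels split."""
    labels = host.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])

def hunt(log_text, min_parents=2):
    """Map keyword -> {parent domain -> sorted clients} for matching lookups.

    A keyword is reported only if it shows up under at least min_parents
    distinct parent domains, which is what domain rotation looks like.
    """
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, host = parts
        subs, parent = split_host(host)
        for label in subs:
            m = TOKEN.search(label)
            if m:
                hits[m.group(1)][parent].add(client)
    return {k: {p: sorted(c) for p, c in v.items()}
            for k, v in hits.items() if len(v) >= min_parents}

if __name__ == "__main__":
    for keyword, parents in hunt(SAMPLE_LOG).items():
        for parent, clients in sorted(parents.items()):
            print(keyword, parent, clients)
```

In production the parent-domain split should use the Public Suffix List, and the hits are hunting leads to review rather than verdicts.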

Custom Made and Individually Wrapped: A Unique Piece of Malware for Every User

Malvertising works in the following manner: the infected advertisement is inserted into the stream of an already active online ad network, which delivers it to the different webpages. As soon as the user clicks on the ad, they are redirected to another site, where they are lured into installing malware on their computer via social engineering tactics. This is also the infection pattern used by Kyle and Stan. Researchers report that Mac and Windows users are being redirected to different malware, so both operating systems get infected. So far the attackers use a variety of spyware, adware and browser hijackers, but other types of malware may also come into play in the future. The droppers used in this scheme rely on encryption so that each threat has a different checksum.

The people behind the malvertising network have not been identified so far. It has been active since May this year, with high activity registered in June and July.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when a piece of malware locked her out of her own computer.
