Malicious Ads on YouTube Videos Distribute Ransomware from the Kovter Family - How to, Technology and PC Security Forum |

Malicious Ads on YouTube Videos Distribute Ransomware from the Kovter Family

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

In the last month or so, malware researchers from Trend Micro have been observing malicious ads, a part of which were displayed on YouTube that have redirected over 113 000 users to harmful webpages. Reportedly the cyber crooks have managed to implement the malicious advertisements in some of the most popular videos on YouTube.
Despite all efforts on behalf of the advertising companies to identify and block ads like this from being spread on their networks, some of the “bad guys” happen to make it through. They often help their creators make big profits, if the malicious ads end up on popular websites with high traffic.

The experts following the campaign explain that the ads in question do not redirect the user from YouTube to a malicious site directly. Instead, the hackers make it look as if their actions are legitimate by bouncing the traffic through two servers in the Netherlands before the users land on the malicious server, located in the US.

A Ransomware from the Kovter Family Distributed to the Affected PC

The US-based server hosts the Sweet Orange exploit kit, which exploits vulnerabilities in IE, Adobe or Java Systems’ Flash application. In case the attack on the targeted system has been successful, a ransomware from the Kovter family is delivered to the compromised machine, encrypting the users’ files and demanding a fee.

The KOVTER ransomware is distributed from a Polish government website, whose DNS information has been modified by the cooks for the purposes of the campaign. The hackers have added subdomains that lead to their servers. How exactly they have managed to do so, is still unclear.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share