
Malware Advertising Campaign Reached High-Profile Website Visitors

The Malicious Advertisements

At the end of August, malicious advertisements directed some visitors of several high-profile websites to browser exploits that installed malware on their computers.

Between 19 and 22 August, visitors of several popular websites, including TMZ.com, Java.com, Photobucket.com, Deviantart.com, eBay.ie, IBTimes.com, TVgids.nl and Kapaza.be, were attacked in a malware advertising campaign. Malware researchers confirm that these websites were not compromised; they are themselves victims of the malicious advertisements.

In this case the advertisement provider distributed the ads on the websites, infecting the users with malware. This was done through AppNexus, a company that provides regular online advertising platforms, which redirected the visitors to the Angler exploit kit to install Asprox botnet malware. According to the malware experts, this tool exploits vulnerabilities in outdated versions of Microsoft Silverlight, Flash Player and Java and secretly installs malicious programs on the users' computers to perform advertisement click fraud.

The New Aspects of Asprox

Asprox is known to malware experts for sending spam. Today, however, it comes in a more sophisticated form with increased malicious functionality: it can scan websites for vulnerabilities and steal users' log-in credentials stored on their computers.

How Does Asprox Work?

The cyber attackers know the online advertising practice of retargeting well, and in this case they use it to make the attack difficult to detect. Retargeting is the process in which PC users receive tracking data, such as files and cookies, when they visit certain brand websites. Later these same users are shown advertisements for those brands on the websites they are browsing. When the PC users are retargeted later, malicious content is delivered to their computers along with that data.

The Advantages of the Attackers

  • The cyber criminals here are selective and they display the rogue advertisements only to browsers that store certain metadata.
  • The site owners find it difficult to detect the rogue content or to investigate the reports from the affected PC users.
  • The cyber attackers have the advantage of real-time bidding, which is used to offer ads to users based on their location, browsing history and browser type.
  • Due to the selective targeting, the website owners cannot estimate the number of victims. The users who have visited the affected sites in the second half of August 2014 should scan their computers for malware.
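Because the site owners cannot tell who was served the rogue ads, the practical step for a network defender is to list every client that visited the named sites during the campaign window and scan those machines. The following is an added example, not part of the original article: the log format and sample lines are constructed, the function names are hypothetical, and the 19 to 22 August window is assumed to be in UTC.

```python
from datetime import datetime, timezone

# Sites named in the article (their ad slots served the rogue ads).
AFFECTED = {"tmz.com", "java.com", "photobucket.com", "deviantart.com",
            "ebay.ie", "ibtimes.com", "tvgids.nl", "kapaza.be"}
# Campaign window from the article, treated as UTC (assumption).
START = datetime(2014, 8, 19, tzinfo=timezone.utc)
END = datetime(2014, 8, 23, tzinfo=timezone.utc)  # exclusive: covers all of 22 Aug

def normalize(host):
    """Lower-case, drop a trailing dot and any :port suffix."""
    return host.lower().rstrip(".").split(":")[0]

def is_affected(host):
    """Match the site itself or any subdomain, but not look-alike names."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in AFFECTED)

def clients_to_scan(lines):
    """Return {client_ip: sorted affected hosts visited inside the window}."""
    hits = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        ts = ts.replace(tzinfo=timezone.utc)
        if START <= ts < END and is_affected(parts[2]):
            hits.setdefault(parts[1], set()).add(normalize(parts[2]))
    return {client: sorted(hosts) for client, hosts in hits.items()}

# Constructed sample log lines: "<UTC timestamp> <client IP> <requested host>"
SAMPLE = [
    "2014-08-18T23:59:59Z 10.0.0.5 www.tmz.com",      # before the window
    "2014-08-19T08:12:01Z 10.0.0.5 www.tmz.com",
    "2014-08-20T14:30:44Z 10.0.0.9 Photobucket.com",
    "2014-08-21T09:00:00Z 10.0.0.7 notjava.com",      # look-alike, not a match
    "2014-08-22T23:59:59Z 10.0.0.9 www.java.com:80",
    "2014-08-23T00:00:00Z 10.0.0.7 deviantart.com",   # after the window
    "garbage line",
]

if __name__ == "__main__":
    for client, sites in sorted(clients_to_scan(SAMPLE).items()):
        print(client, "->", ", ".join(sites))
```

A hit only means the client loaded a page that could have carried the rogue ad, so the output is a scan list, not a list of confirmed infections.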

What should the users do?

It is quite difficult for PC users to stay protected against this specific type of malware attack; however, they can take certain steps to reduce the risk. These include:

  • enabling the click-to-play option for plug-in-based content in browsers that offer that feature
  • keeping the browser plug-ins up to date
  • disabling the plug-ins that are not needed
  • using extensions to block ads

The malvertising problem is taken quite seriously by malware analysts. They do their best to identify the complex nature of these malware advertising campaigns and to remove the source through different tools.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
