CYBER NEWS

Kyle & Stan Malvertising Network With Bigger Reach

Current situation
The researchers had an unpleasant surprise two weeks ago, after the release of the first Cisco report on the malicious ad distribution campaign: the malvertising network of Kyle and Stan has approximately nine times the reach first reported. Looking at the telemetry data provided, the researchers found that almost 6500 malicious domains have been involved. This is approximately nine times more than the 703 malicious domains originally reported. The Cisco report further revealed that the number of connections made to these domains is 31 000, which is more than three times the originally reported 9 541 connections.

The Researchers
Two of the researchers investigating the malvertising network of Kyle and Stan, Armin Pelkmann and Craig Williams, traced the attack back to 2012 and found that it has been active for a much longer period than was first reported.

‘We think it’s been a reasonably successful campaign [for the attacker],’ Williams said. ‘The numbers correspond to the number of times an attack was detected and blocked by a Cisco security device. Considering the number of times we’ve seen it, we think it’s significant.’

The attacks of Kyle and Stan malvertising network

The malvertising network of Kyle and Stan differs from other malware networks of the same type in two ways: first, it has been able to place ads on very large and popular websites such as Amazon; and second, the network has certain Mac OS X and Windows flavors of the malware.

According to the malware researchers, when a victim is compromised, a unique spin on the malware reaches the machine. Each spin has subtle differences in its packing, which results in a unique MD5 checksum. When the victim visits a website that is hosting such a malicious ad, the victim's browser is redirected twice. Mac and Windows users are sent to a URL that hosts malware tailor-made for each platform. At the final download URL, the malware, a browser hijacker or spyware, is either downloaded automatically to the compromised machine, or the PC user is fooled into installing it because it is bundled with legitimate software such as a media player.

How does the Kyle and Stan malvertising network work

The malware researchers reversed the malware files and found that each file contains a unique part, which makes the computed checksum completely different. This means that the Kyle and Stan malvertising network uses sophisticated techniques to store and scramble the data that is available on the site. The cyber criminals use this method to mislead the antivirus software on the computer and the other detection systems in use.
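Why an exact-hash blocklist misses a per-download variant while chunk-level similarity still links it to a known sample, as an added example that is not from the original article or the Cisco report. The samples are constructed filler bytes, and the function names, chunking parameters and threshold are assumptions for the demo; it also assumes the bytes outside the unique part stay identical between downloads.

```python
import hashlib

WINDOW, MASK, MIN_CHUNK = 16, 0x3F, 8  # demo parameters (assumptions)

def chunk_hashes(data: bytes) -> set:
    """Split at content-defined boundaries and hash each chunk."""
    # A boundary falls where the sum of the last WINDOW bytes has its low six
    # bits set, so boundaries follow the content rather than the file offset.
    hashes, start, roll = set(), 0, 0
    for i, byte in enumerate(data):
        roll += byte
        if i >= WINDOW:
            roll -= data[i - WINDOW]
        if (roll & MASK) == MASK or i == len(data) - 1:
            if i + 1 - start >= MIN_CHUNK:  # ignore tiny chunks that match by chance
                hashes.add(hashlib.sha256(data[start:i + 1]).digest())
            start = i + 1
    return hashes

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of two files' chunk-hash sets, 0.0 to 1.0."""
    ha, hb = chunk_hashes(a), chunk_hashes(b)
    return len(ha & hb) / len(ha | hb) if ha | hb else 0.0

def classify(sample, md5_blocklist, reference, threshold=0.5) -> str:
    """Exact-hash lookup first, then similarity to a known sample."""
    if hashlib.md5(sample).hexdigest() in md5_blocklist:
        return "exact-hash match"
    if similarity(sample, reference) >= threshold:
        return "similar to known sample"
    return "unknown"

def fake_bytes(seed: str, n: int) -> bytes:
    """Deterministic filler bytes; constructed data, not real malware."""
    blocks = (hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples: one shared body with a different unique blob in front.
BODY = fake_bytes("shared-body", 4096)
SEEN = fake_bytes("blob-1", 40) + BODY      # already on the blocklist
REPACKED = fake_bytes("blob-2", 73) + BODY  # same body, new unique part
UNRELATED = fake_bytes("other-file", 4096)
BLOCKLIST = {hashlib.md5(SEEN).hexdigest()}

if __name__ == "__main__":
    for name, s in [("seen", SEEN), ("repacked", REPACKED), ("unrelated", UNRELATED)]:
        print(name, hashlib.md5(s).hexdigest(), classify(s, BLOCKLIST, SEEN))
```

The repacked sample has a different MD5 and a different-length unique part, yet most of its chunks still match the known sample because the chunk boundaries realign on the shared content.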

The malvertising campaign of the Kyle and Stan network is very successful because once the attacker gets a malicious ad onto the network, either by legitimately hosting an ad and paying a network to distribute it or by compromising a host that serves ads, the campaign can grow much more quickly than when the malware is distributed through phishing emails or spam.

The Future of the Malware

The malware researchers say that the malvertising network of Kyle and Stan is an example of the next malware evolution. It is characterized by embedding in websites, which gives very good results. For example, even if only one percent of the website visitors see the ad, this means a higher success rate than the one resulting from a spam campaign.

The consumers most susceptible to malvertising infections are those whose devices run technologies with less than adequate detection. Among the things that can help here are turning off JavaScript when there is no need for it and using the Ad Block program.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when malware locked her out of her own computer.
