Don
Malware in Ad Networks Infects Visitors and Jeopardizes Brands
Posted: Wednesday, October 22, 2014
By Wayne
In the past few days, researchers at Proofpoint have detected numerous high-traffic websites hit by a malvertising campaign. These websites include various properties in the Yahoo, Match.com, and AOL domains, among others, potentially exposing as many as 3 million visitors per day and generating an estimated US$25,000 per day for the attackers.
PART I: Overview of a malvertising campaign
What is Malvertising?
As we described recently, malvertising attacks use online advertising channels to deliver malware to the computers of unsuspecting users by embedding malicious code within legitimate advertisements on trusted websites. There is no visible indication that the trusted site is compromised: simply by visiting a site, users can get infected via a “drive-by download”. Malvertising attacks are particularly hard to detect because most advertising on trusted sites comes from a variety of ad networks – different visitors will see different ads from different places, not all of which will be malicious. Malvertising attacks are a growing problem; research shows that billions of malicious advertisements are being served each year.
Malvertising attacks are especially virulent for two reasons. First, leveraging the online ad network gives attackers the ability to target specific groups; attackers can ensure infection across a designated demographic or targeted set of audiences. Second, because there are so many players in the supply chain through which a given advertisement passes, attackers can more easily avoid detection.
The impact of malvertising is not limited to end-users; publishers and advertisers are also victimized to the extent that they are exposed to brand damage, because end-users are unaware of the distinctions between sites, networks, and stolen ad creative content. As more and more business-related sites carry ads, and attackers increasingly leverage the online ads ecosystem to target users, the security implications of malvertising are significant for publishers and enterprises alike.
What did Proofpoint detect?
Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 on end-users’ computers. Similar to the behavior of other “ransomware,” CryptoWall then encrypts the end-users’ hard drive and will not allow access until the victim pays a fee over the Internet for the decryption key. Typically, the end-users face an escalating time deadline; failure to pay by the deadline results in their hard drives being permanently encrypted, thus rendered effectively useless, with all information inaccessible.
Which websites were impacted?
Read More... http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php