Categories: CyberCrimeSecurity

Malvertising Campaign Exposes 50 Million To Malware

Security researchers have warned that a large-scale malvertising campaign is exposed millions of Internet users around the world to malware.

The warning comes after Facebook last month signed a new partnership deal to tackle malvertising on its site.

Large Campaign

According to Websense Security Labs, the latest malvertising campaign exposes potentially up to 50 million web users to some nasty malware.

When a web user tries to browse to websites such as CNN Indonesia, the official website of Prague Airport, Detik, AASTOCKS, RTL Television Croatia, and the Bejewled Blitz game on Facebook, they are potentially exposed to this malware thanks to compromised OpenX scripts. The nasty code is “evasive and stealthy” and leads to the Angler Exploit Kit which exploits an Adobe Flash flaw in order to insert the Bunitu trojan onto the PC.

“The code injected into the compromised Revive Adserver scripts in this campaign have been seen to lead to the very prevalent Angler Exploit Kit,” said Websense in a blog posting. “The injected code is not always sent when the script is requested, making it difficult to detect with automated analysis tools. In addition, Angler Exploit Kit will only serve up the malicious exploit code once per IP in a 24 hour period or so.”

“Since April we have seen compromised Revive Adserver scripts being used by several highly popular websites,” said the security firm. “Some of these only seem to contain the injected code for 24 hours, whilst others have remained compromised for weeks.”

It seems that the malware can turn the victim’s PC into a zombie machine that can be used maliciously in the future. And it also contacts its C&C so the hackers know which machines are infected and available to them.

The six stages of this malvertising campaign is recon, lure, redirect, exploit kit, dropper, and call home.

Malvertising Scourge

Malvertising has grown steadily to become a significant threat to many online organisations over the past few years. That said, other tech firms have followed Facebook’s lead to provide protection for their users.

Earlier this year, security researchers have spotted malware being distributed through malicious advertisements on popular adult website xHamster.

And fashion retailer Hugo Boss has also revealed that some of its adverts had been compromised, with malware appearing on the Huffington Post and several other news sites.

How much do you know about hacking? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

Recent Posts

Marriott Agrees To Pay $52 Million To Settle Data Breaches

To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…

2 days ago

Tesla Shares Drop After Cybercab Unveiling

Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…

2 days ago

AMD Launches New AI, Server Chips To Expand Nvidia Challenge

AMD unveils new AI and data centre chips as it seeks to improve challenge to…

3 days ago

Chinese Hackers Breach US Wiretap Systems – Report

AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform

3 days ago