Gigantic Malvertising Scam Spreading
One extremely huge malvertising campaign has gripped the World Wide Web impacting about several dozen frequently visited porn websites; with more than 250m total visits combined each month, caution security researchers. Infosecurity-magazine.com published this in news on May 7, 2015.
From an observation that Malwarebytes the security company has done, the malicious advertisements promote sexual enhancement medicines while the advertisement network which cyber-criminals are exploiting is AdXpansion.
Immediately when a bad ad appears on any Web-browser, there is an automatic and instant effort for manipulating the end-user by using any version of Adobe Flash Player, even the 220.127.116.11 edition issued just 2 months back, without performing any click. Moreover, after getting contaminated with malware whether that is geo-location based or any victim-trait based, the result could be theft of information, encryption of files, demand for ransom, or any other online crime.
While payload of the malicious software can be different, there may be various malevolent binaries planted through one Neutrino-like EK, Malwarebytes states.
Further according to Jerome Segura, Researcher at Malwarebytes, attack toolkits have a trend of appearing like advertisers who exploit Flash to provide both the attack mechanism as well as creative within a single package. Infosecurity-magazine.com published this.
Additionally stating Segura blogged that the above approach was modest that apparently worked pretty effectively. Blog.malwarebytes.org published this in news dated May 7, 2015.
In connection with the malvertising problem, Malwarebytes states that a notification to AdXpansion has been done and the latter has informed that the ad provider due to whom the problem occurred had stopped.
Incidentally, it was when Malwarebytes’ security researchers spotted one malvertising scam affecting the widely-visited adult site XHamster that the news about AdXpansion advertising network’s exploitation with the malvertising scam arrived. The malvertising assault was the second thus far during 2015 impacting the website after one previous getting reported during early 2015 in the month of January.
According to Head of Malware Intelligence Adam Kujawa at Malwarebytes, the sinister ad that TrafficHaus an ad provider served was detected of late and stopped from getting displayed. Scmagazine.com published this in news on April 27, 2015.