Several Popular Websites Serving Users With Malicious Ads
According to security firm ScanSafe, various popular sites, including Horoscope.com, Drudge Report, and Lyrics.com, were recently found to be unintentionally serving malicious banner advertisements to users. The ads were specially designed to compromise users' systems with a Trojan downloader, reported SCMagazineUS.com on September 24, 2009.
Mary Landesman, Senior Security Researcher at ScanSafe, said that malicious advertising of such magnitude, affecting users who encountered the ad, had not been witnessed to date, as per the news published by SCMagazineUS.com on September 24, 2009.
Landesman gave further details on this malicious advertising. She said that the advertisements appeared to be delivered to Drudge Report and the other websites via various third-party ad networks, or through other services that help manage the delivery of advertisements. Google's DoubleClick, ValueClick and YieldManager's FastClick network were the services involved in this particular attack.
Landesman added that the attackers somehow managed to inject the malicious ads into the systems of the aforementioned networks, which consequently led to the delivery of malicious ads to popular websites.
According to Landesman, visiting any of the sites serving the malicious ads resulted in the creation of a malicious PDF designed to exploit known and patched flaws in Acrobat and Adobe Reader. She explained that in such a case, a PDF window opens briefly at the bottom of the user's screen. The attackers would also pop up a nearly invisible window in the user's browser containing a maliciously encoded PDF document. This window includes attack code that installed a Win32/Alureon Trojan variant on the victim's PC.
Meanwhile, security experts describe Alureon as a family of trojans with various components that are capable of downloading and executing arbitrary files and hijacking the browser to display bogus Web pages, as in the case mentioned above. It also tracks the queries the user performs with popular search engines.
Landesman added that the malicious ads would also attempt to exploit a patched vulnerability in Microsoft's DirectShow software.
This attack took place just a week after it emerged that the New York Times had inadvertently sold advertising space to hackers, which caused advertisements for rogue anti-virus products to be served to users.
» SPAMfighter News - 16-10-2009