Malicious Ads Detected on Double-Click Network of Google
According to security researchers at Armorize, a web-security company, malicious advertisements are being distributed through Google's Double-Click network and result in drive-by downloads. SoftPedia reported this on August 26, 2011.
Armorize's scan engines reportedly found that Adify, which belongs to Cox Digital Solutions, was serving the malicious ads. Adify in turn received the malvertisements from Pulpo Media, to which the attackers, posing as indistic.com advertisers, had originally supplied them.
The malvertisements reportedly cause web browsers that load them to pull attack code from a malicious domain, kokojamba.cz.cc, which hosts an active BlackHole exploit kit. At present, only 7 of the 44 scan engines on VirusTotal detect this malicious program.
BlackHole, an extremely common drive-by download attack toolkit, carries exploits for security flaws in Windows, Flash Player, Java, and Adobe Reader.
According to Armorize, malware authors have made heavy use of the above services before. They used impersonation and social engineering to dupe ad networks into accepting their advertisements, and then began delivering malware through them.
Numerous reputable websites have recently been hit by malicious ad attacks, including Al Jazeera, Yahoo! Philippines, Autotrader.co.uk, Spotify and others. The perpetrators normally tricked the websites into running their advertisements directly rather than passing them through ad networks, which have comparatively better-trained personnel carrying out rigorous background checks.
Armorize's researchers stated that malvertisements were conventionally used to promote scareware; now, however, they have changed to deliver malware that abuses security flaws in obsolete software.
In December 2010, Armorize detected a massive malvertising attack that affected Google's Double-Click network as well as 'rad.msm.com', the server Microsoft uses to supply ads to various websites, including MSN and Hotmail.
To stay protected against such attacks, specialists advise computer users to keep their software updated and to deploy anti-malware solutions that effectively scrutinize web traffic.
» SPAMfighter News - 08-09-2011