Researchers Demonstrate Exploitation of Online Advertisement Networks
The Register reported on 31st July, 2013 that security researchers have shown how hackers can use ad networks to create ephemeral and hard-to-trace botnets which can perform distributed-denial-of-service (DDoS) attacks at the click of a button.
Jeremiah Grossman, CTO of WhiteHat Security and Matt Johansen, Manager of Threat Research at WhiteHat security gave a presentation at the Blackhat Conference in Las Vegas on Wednesday, 31st July, 2013 demonstrating a real world malicious attack where advertisement servers were maneuvered into serving up code which caused web browsers to connect to targeted websites.
Threatpost.com published a report on 31st July, 2013 quoting Grossman saying "When you go to any webpage, that page controls your browser as long as you are there to make any request for any location on the planet. So the nature of the problem is that when you insert code on an advertisement network, it gets in frontage of loads of users and we control lot of web browsers which is the web infrastructure. When you go to a website, it pulls in images and resources from all over the Web and you are able to do that. We are using exactly the same features to our advantage."
Johansen said that the only way to trace this WhiteHat would be to go to ad network and use the credit card to buy the malicious adverts and it's not very difficult for hackers to illegally and secretly gain access to credit cards.
» SPAMfighter News - 09-08-2013