Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Researchers Demonstrate Exploitation of Online Advertisement Networks

The Register reported on 31st July, 2013 that security researchers have shown how hackers can use ad networks to create ephemeral and hard-to-trace botnets which can perform distributed-denial-of-service (DDoS) attacks at the click of a button.

Jeremiah Grossman, CTO of WhiteHat Security and Matt Johansen, Manager of Threat Research at WhiteHat security gave a presentation at the Blackhat Conference in Las Vegas on Wednesday, 31st July, 2013 demonstrating a real world malicious attack where advertisement servers were maneuvered into serving up code which caused web browsers to connect to targeted websites.

The 'Million Browser Botnet' took benefit of the actuality that users at ad networks usually don't have skills or awareness to categorize malicious JavaScript (JS) code. Securityweek.com reported on 1st August, 2013 quoting Grossman and Johansen saying that if the foe managed to insert code into a well-known website then the consequential botnet may perhaps be so big to become unstoppable."

Threatpost.com published a report on 31st July, 2013 quoting Grossman saying "When you go to any webpage, that page controls your browser as long as you are there to make any request for any location on the planet. So the nature of the problem is that when you insert code on an advertisement network, it gets in frontage of loads of users and we control lot of web browsers which is the web infrastructure. When you go to a website, it pulls in images and resources from all over the Web and you are able to do that. We are using exactly the same features to our advantage."

Theregister.co.uk published a report on 31st July, 2013 quoting Johansen of WhiteHat answering his own question "What's the benefit of hacking this way - why not do a traditional DDoS attack ?" by saying "There is no trace of these. The JS (referring JavaScript) gets served up and it goes away which is very easy."

Johansen said that the only way to trace this WhiteHat would be to go to ad network and use the credit card to buy the malicious adverts and it's not very difficult for hackers to illegally and secretly gain access to credit cards.

» SPAMfighter News - 8/9/2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page