Cisco - Malvertising Strikes Windows and Mac Users

Security giant Cisco recently revealed that cybercriminals have been caught using Yahoo, Amazon and YouTube domains to distribute adware, spyware and browser hijackers on both Macs and Windows.

This technique is known as malvertising wherein malware is served through online ads which is a constant nuisance on the Internet. It depends on network of online ad to spread malware to visitors of popular websites.

The malvertising network called 'Kyle and Stan' contains more than 700 malicious domains from 74 large websites and has made 9,541 connections to potential users since May 2014. Cisco has found at that time that some of the domains with higher traffic serving malicious ads include ads.yahoo.com, amazon.com, youtube.com and www.winrar.com.

Threatpost.com reported on 9th September, 2014 quoting Armin Pelkmann, a Researcher of Cisco, as saying "Once the users get diverted towards the ultimate URL, the website automatically begins downloading unique strain of malware for each user. The file is a package of authentic software such as media player and collects malware and a unique-to-every-user configuration into the downloaded file. The scammers are entirely depending on social engineering tactics to compel the Internaut to install the software package. Drive-by exploits are not being used so far and the best thing we are seeing is this technique working not only for Windows but also for Mac operating systems, similarly."

When Mac patrons visit a site which exhibits a malicious promo, they are directed to a webpage where they are served with an authentic app named MPlayerX. But, the media player is compiled with a number of adware pieces VSearch and Conduit which hijack browsers of victims.

Users of Windows are served with an adware and spyware dropper. Cisco analyzed the instances and found the involvement of only spyware, adware and browser compromisers but security pundits deem that other kind of malware could also be circulated by the criminals.

The attackers can use different domains for short time because many domains are available. This tactic leads to evading detection too.

Cisco concluded that they are facing a well-engineered and extremely vigorous malware delivery network which won't be fought till they identify the minds behind this.

» SPAMfighter News - 9/17/2014