Malvertising Scam Disturbs more than 113,000 US Users, Says Trend Micro

Trend Micro lately said that it detected malicious advertisements exhibited on YouTube, while those also diverted over 113,000 Internauts within USA onto dangerous websites within merely one month.

Usually, Internet advertising firms remain on the lookout for such advertisements for blocking them as the ads move about across their networks; still some of the harmful ones occasionally get through. However, hackers reap immense benefit from such ads that could yield them many victims once displayed on a site that receives large traffic.

According to Fraud Researcher Joseph Chen at Trend Micro, the latest malvert flow was a disturbing occurrence. For, besides getting displayed on YouTube, the ads appeared on videos that received over 11m views. Indeed, one popular record label uploaded one specific video, an audio one that numerous people viewed, reveals Chen. Computerworld.in published this, October 15, 2014.

The researcher blogged that Web surfers visiting the advertisements got returned via 2 servers situated within Holland.

He elaborated that the attackers attempted at making their campaign appear genuine so they picked one Polish government website whose DNS information they modified. They didn't hijack that site rather added sub-domains to alter its DNS information. The sub-domains would take onto the attackers' servers, Chen said. Help-Net-Security published this, October 14, 2014.

Chen continued that the victims eventually got diverted onto one US-situated server that supported a known exploit kit, Sweet Orange.

Furthermore, the current attack's final payloads represent the KOVTER group-of-malware, the new variants identified as TROJ_KOVTER.SM. KOVTER has long been employed for different ransomware assaults. However, it's short of the encryption functionality seen in the CryptoLocker type of advanced assaults. The online sites, which TROJ_KOVTER.SM abuses for exhibiting the false alerts, have been withdrawn.

Meanwhile, Microsoft sometime back found the aforementioned flaw within its Internet Explorer browser and so issued one patch during May 2013. If anybody has deployed that updated IE/Adobe/Java, he'll be protected from the assault. In the case of previous versions, users will remain vulnerable since the online crooks continue to use them.

Trend Micro has by now apprised Google about the malvertising campaign while expects that Google will deal with the perpetrators fast.

» SPAMfighter News - 10/23/2014