User Infection Emerges Chiefly from Malvertising, Finds Malwarebytes

According to Malwarebytes the security company, malware-carrying ads or malvertising is a chief infection medium that is being utilized to affect end-users by the millions in 2015.

The Malwarebytes research is based on 3 massive zero-day assaults that impacted Flash Player. One of these assaults provoking the use of HanJuan attack toolkit revealed that cyber-crooks made a mean payment of 49p for each collection of 1,000 contaminated ads posted to key websites when e-traffic was at peak during the day. The payment was likely to decline to as much as 4p for every contaminated advert posted to not so important websites as also when e-traffic was low during the day.

Malvertising posted to popular websites such as Daily Motion, Answers.com or The Huffington Post that are considered to have millions of distinct users have been behind exposing numerous end-users to 0-day assaults. Even enterprises and individuals working with Flash Player, Firefox or Internet Explorer (latest versions) can get contaminated instantly if exposed to such assaults that especially earn the cyber-criminals profits.

Moreover, a single 0-day runs over a period of nearly 2 months so exploits can in particular gain wide-reaching impacts.

Unfortunately, the working of Internet advertising industry merely enables the con artists to survive. The existence of bidding engines let the ad owners choose particular population groups while filter out illegitimate end-users and compromising the chosen people lets increased attacking of particular exploits.

According to Senior Security Researcher Jerome Segura at Malwarebytes, developers of attack toolkits abuse the most widely used security flaws for creating highly efficacious tools. In 2014, the company saw fresh security flaws getting discovered and exploited much faster. Awareness about 0-day attacks is low and majority of individuals and enterprises lack adequate resources towards tackling them. While it was foreseeable that Flash 0-days would escalate more and more during 2015, seeing 3 massive 0-days occurring very close to each other represented one unique situation. Consequently, in the face of this unexpected happening, individuals and enterprises require imbibing fresh tools for the protection of their assets, the researcher concludes. Infosecurity-magazine.com reported this dated June 2, 2015.

» SPAMfighter News - 6/12/2015