Enormous Malvertising Campaign Strikes Users in Europe and the US

Securityweek.com reported on 11th June, 2015 stating that researchers of security firm Websense have identified an enormous malvertising campaign hitting Web users in Europe and the U.S.

The attack is aimed on users who are browsing many heavy-trafficked sites including CNN Indonesia, the official portal of Prague Airport, AASTOCKS, Detik, Facebook's online game Bejewled Blitz and RTL Television Croatia.

Websense said that the attack had targeted OpenX which is an advertising platform.

Scmagazineuk.com published a report on 12th June, 2015 quoting Carl Leonard, Principal Security Analyst at Raytheon/Websense as saying "the code initiated a redirect which led to the Angler Exploit Kit; this in turn exploited FlashPlayer vulnerability."

Bunito Trojan is implanted in a PC through exploitation of a FlashPlayer.

The malware successfully turns an affected machine into a zombie computer to make it available for malicious activity in future.

Websense said that the malware sends regular 'heartbeats' back to the C&C letting its attackers know which systems are infected and active.

Infosecurity-magazine.com published a report on 12th June, 2015 quoting Leonard as saying "Advertising networks are getting more popular amongst cyber-criminals because they open up avenues to infect millions of users with minimum effort. The rising nature of dodging, secrecy and variation existing in the malicious code call for more deployment of security solution than before to stop threats at numerous points in the kill chain."

The six stages of this malicious campaign is lure, recon, exploit kit, redirect, dropper and calling home.

Malvertising has developed increasingly to become a major threat to several online enterprises over the last few years. In early 2015, security experts have identified malware being spread through malicious promotional ads on well-known adult website known as xHamster. Moreover, Hugo Boss, a fashion retailer has also disclosed that few of its promotions had been compromised along with malware surfacing on the Huffington Post and many other news websites.

Scmagazineuk. published news on 12th June, 2015 quoting Mike Smart, Marketing Director of security firm Proofpoint, as saying "The attack on advertising platforms acts as a reminder that genuine sites can be malicious. Users can reduce the chance of getting compromised by ensuring that their security software is updated and it has real- time access to threat intelligence."

» SPAMfighter News - 6/23/2015