Advanced Malvertising Attack Hits T-Online Website – Invincea

A very sophisticated malvertising attack is using malicious online promotional ads on the homepage of Germany's biggest broadband service provider 'T-Online' (T-Online.de), said security firm Invincea recently.

According to the security vendor, T-Online.de visitors were slapped with advertisements that were maligned with an advanced rootkit, information stealing computer Trojan besides click-fraud malicious software in convoluted attacks designed particularly to embezzle financial details, gain constant hold of victim's computer and compromise them for other scandalous activity.

The cyber crooks using T-Online's website in their assault configured their malicious advertisements to use just-in-time (JIT) malware assembly on victim systems, and integrated Windows utility-based scripting to evade conventional endpoint and network barricades, said Invincea.

Only endpoint gadgets running protected virtual container and behavioral recognition defenses are able to unfailingly defeat these kinds of assaults on end users, Invincea said, published by infosecurity-magazine.com on October 22, 2015.

A study launched by Invincea highlighted that the cybercriminals employed the malvertising campaign to deliver the infamous Tinba Trojan, a threat devised to embezzle financial details, and well-known click-fraud Trojan, Bedep, which turn tainted systems into zombie hosts which create a profit for cyber crooks by clicking on advertisements without the knowledge of the victim.

The malicious advertisements were proposed to take Internauts to an exploit kit (EK) landing page that exploited a Flash Player flaw to thrust malware onto victims systems. The exploit kits employed for these assaults employed many domain names, but these domains directed to a similar set of IP addresses, notes Invincea.

It is probable that a large number of T-Online subscribers have been struck by this malvertising operation. The ISP's website is the 10th most famous website across Germany and 296th globally as per Alexa rankings, making it the kind of hugely-traffic domains desired by malvertising cybercriminals, stressed Invincea, as published by finextra.com on October 23, 2015.

Interestingly, security pundits at security outfit Malwarebytes have also examined this malvertising operation. It says that besides T-Online.de other highly visited websites that were targeted includes the likes of eBay.de (131 million monthly visitors), arcor.de (7.6 million monthly visitors), and swp.de (790,000) monthly guests, according stats released by IT giant SimilarWeb.

» SPAMfighter News - 10/30/2015