Massive Malvertising campaign Intercepted that Resort to Dubious Casino Websites

Malwarebytes the security company has just detected one massive malvertising campaign which's diverting end-users in an automatic manner onto casino websites which act as traps for carrying out drive-by downloads serving AEK (Angler Exploit Kits), published SCMagazine.com in news on November 17, 2015.

According to Senior Security Researcher Jerome Segura of Malwarebytes Labs, the campaign involved exhibiting one malicious ad on the user's website that he may be seeing into his browser. Now the user would get diverted onto one casino website that would deceptively plant malware onto his system. SCMagazine.com reported this dated November 17, 2015.

It is believed that the campaign was executed October 21, 2015 as the attack victimized people accessing "sketchy websites" which presented material from copyrighted movies' torrents, pirated software to movies in live stream, as per one blog post dated November 17, 2015.

It's not clear what number of people got affected because of the attack toolkits; however, it has been observed that a total of 3 casino websites which worked like a medium to spread the Angler EK received in all over 1m visits whereas the advertising network received over 2bn visits during October last, states the post.

And according to Segura, a great possibility is that numerous people contracted malicious software due to this campaign. Infosecurity-magazine.com reported this in news on November 17, 2015.

Moreover, since the campaign targeted shady publishers who would likely dismiss 'advertising issues' while people visiting the websites knew they were using unlawful material, nobody had a reason for reporting the event. Nearly all the advertising networks attained registration through 'Domains By Proxy LLC, implying there wasn't any information obtainable regarding the registrant.

Indeed, says Segura, the malvertising campaigns separately considered as such don't show a distinction; however, their interconnection shows us the larger scenario of how massive the operation is.

Nevertheless, the attacks have been all carried out via GoDaddy, as also on the original ASN: AS15169; thus making Malwarebytes believe there was an interconnection among them. Analyzing ten ad domains, the ad network AdCash happened to be one impacted while this is the outlet through which Malwarebytes managed identifying the campaign.

» SPAMfighter News - 11/24/2015