Malvertising Operation Exploiting Online Videos Stayed 60 Days, Not 12-hrs

A new research by ClarityAd that monitors malvertising shows that an attack with malicious ads, which exploits online movie strips for poisoning Internet-users, in reality went on for 60 days instead of an earlier study by Media Trust that reported that the attack targeting a few extremely trafficked websites went on for over 12 hours. This suggests that the earlier discarded mode of using online videos is now highly suitable for cyber-criminals, published theregister.co.uk dated November 24, 2015.

An extensive analysis by two security researchers shows that the time period during when the damage occurred indicates that the security industry requires putting still further effort for handling the aforementioned cyber-crime.

The researchers Jerome Dang, Co-Founder and CTO of ClarityAd and Jerome Segura, Senior Security Researcher at Malwarebytes pointed out the key component within the 2-month attack as BrtMedia.net a domain name after they probed the attacker's modus operandi during their study, reported theregister.co.uk.

Malwarebytes explains that the malvertisers exploited a much familiar advertising platform LiveRail for distributing the malverts. Every time the malverts received successful advertising bids, the online site getting targeted read the ad thoroughly with the help of one XML file followed with taking it down as a maligned bidder.swf file.

Since Internet-based video advertising no longer uses Video Ad Serving Template (VAST) but Video Player Ad-Serving Interface Definition (VPAID) advertising, the latter technique's security shortfalls let the attackers bundle the JavaScript code within the advertisement's bidder.swf.

For a video player which takes down the bidder.swf file it proceeds to read that file, determine its JS code followed with running it straight inside the end-user's Web-browser rather than one distinct iframe.

Normally the malevolent JavaScript code attempted at diverting end-users onto sinister URLs where they were asked for making the Flash player they possessed up-to-date with the help of an update URL which was false, alternatively change the advertisements on the web-page and put the cyber criminals' own ones that were certain affiliate web-links taking users onto Amazon stores.

Meanwhile, Malwarebytes estimates the number of websites impacted with the attack is pretty numerous than the earlier 3,000 computed.

» SPAMfighter News - 12/2/2015