Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Malvertising Strikes TMZ Gossip Site

TMZ, a celebrity gossip website, has turned out to be the most recent victim of an ongoing malvertising campaign that diverts guests to the malicious Angler exploit kit.

Readers of the site are automatically diverted towards malicious pages serving the ruthless Angler exploit kit, as a result loading malware that is capable to steal all types of data and ransomware including the unpleasant Cryptowall. Jerome Segura, researcher of Malwarebytes, says that attackers obtained entrance via ad platform Smartyads and ContextWeb, using CloudFlare for hiding infrastructure.

Jerome Segura explained after finding malverts on the Rotten Tomatoes site, that: "we have observed that majority of the rogue advertisers are utilizing the CloudFlare infrastructure to hide their backend server and encrypt their traffic also, along with using anonymous proxy registration details for the domain". In spite of exposing malvertiser's activities by the security vendor, they were not discouraged and just made new fake profiles through which to send new malicious ads, by means of the same infrastructure which they had before.

Dull ads are shown to ad-men conducting checks on those apparently benign redirection sites. theregister posted on 8th February, 2016, stating that only readers of compromised sites, such as Rotten Tomatoes or TMZ, bear the referrer ticket triggering the attack. As per Mr. Segura, the malvertising campaign was diverting visitors of TMZ through various Web servers that were picking only users with susceptible browsers and operating systems, and sending them to a page which was hosting the Angler Exploit Kit.

Here, specifically created malicious code would scan the client's PC for vulnerabilities, and exploit them to deliver malware to all users of TMZ. This campaign was not so expensive to perform, considering that TMZ charges approximately $0.19 per 1,000 ad impressions. Moreover, malvertising success rate is higher than classic spam campaigns, and it does not depend on social engineering tricks and works mutely with no indications of its presence. Therefore, we may come across more of it later on.

Simple security steps enable you to avoid being hit by an exploit kit, in case you encounter a malvertising campaign.

ยป SPAMfighter News - 2/12/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page