Malvertising Strikes TMZ Gossip Site

TMZ, a celebrity gossip website, has turned out to be the most recent victim of an ongoing malvertising campaign that diverts guests to the malicious Angler exploit kit.

Readers of the site are automatically diverted towards malicious pages serving the ruthless Angler exploit kit, as a result loading malware that is capable to steal all types of data and ransomware including the unpleasant Cryptowall. Jerome Segura, researcher of Malwarebytes, says that attackers obtained entrance via ad platform Smartyads and ContextWeb, using CloudFlare for hiding infrastructure.

Jerome Segura explained after finding malverts on the Rotten Tomatoes site, that: "we have observed that majority of the rogue advertisers are utilizing the CloudFlare infrastructure to hide their backend server and encrypt their traffic also, along with using anonymous proxy registration details for the domain". In spite of exposing malvertiser's activities by the security vendor, they were not discouraged and just made new fake profiles through which to send new malicious ads, by means of the same infrastructure which they had before.

Dull ads are shown to ad-men conducting checks on those apparently benign redirection sites. theregister posted on 8th February, 2016, stating that only readers of compromised sites, such as Rotten Tomatoes or TMZ, bear the referrer ticket triggering the attack. As per Mr. Segura, the malvertising campaign was diverting visitors of TMZ through various Web servers that were picking only users with susceptible browsers and operating systems, and sending them to a page which was hosting the Angler Exploit Kit.

Here, specifically created malicious code would scan the client's PC for vulnerabilities, and exploit them to deliver malware to all users of TMZ. This campaign was not so expensive to perform, considering that TMZ charges approximately $0.19 per 1,000 ad impressions. Moreover, malvertising success rate is higher than classic spam campaigns, and it does not depend on social engineering tricks and works mutely with no indications of its presence. Therefore, we may come across more of it later on.

Simple security steps enable you to avoid being hit by an exploit kit, in case you encounter a malvertising campaign.

» SPAMfighter News - 2/12/2016