Compromised OpenX Ad and Server Boosting Malware

Sophos researchers came up with several corrupted openX ad servers that were modified to redirect to the websites that exhibit malicious content; as reported by softpedia on March 29, 2012.

The initiating point for these cyber attacks on legal sites that load openX ad content is usually done by an iframe element embedded in the page.

During the loading of this page, this iframe element causes the browser to request the content from the ad server. Actually, this content would just contain the relevant ads, but after it has been compromised, it also includes a malicious JavaScript.

The iframe of the script downloads matter from the traffic directing server (TDS), managed by a Group called Blackadvertpro that seems to be focused in corrupted website that direct traffic to their TDS. The trafficking of a large number of corrupted websites can appeal a huge amount of money when retailed to crooks that run exploit sites, as claimed by a softpedia researcher, Eduard Kovacs in esecurityplanet on March 29, 2012.

The moment a netizen enters an authorized website displaying ads from compromised networks their browser will be automatically redirected to the corrupted sites employing security vulnerable for installing fake antivirus or Trojan. Claiming these sites as Mal/ExpJS-AF, Sophos blocked them. However, during the recent attack, computers were attacked with smart Fortness 2012, which is a forged antivirus program.

Installation of this malicious program invites vulnerabilities as they reproduce an exhaustive list of all kinds of identified security threat on their system by imitating a security scan. These malicious antiviruses create a terror in the mind of a user regarding and instigate them towards buying one of the many schemes to delete the threat.

Intoxicating ad content is in fact a very famous technique for cybercriminals as it permits the spammers to manage a large amount of traffic. As apparent, the volume of traffic hints to the size of the underground market.

However, this not the first instance that compromised openX ad server have been used to infect users with malware. Polluting ad content is a powerful and a old technique of managing high volume of web traffic.

Related article: Compromise of Personal Information of UI Employees

» SPAMfighter News - 4/10/2012