Massive Malvertising Campaign Strikes Popular Websites: Malwarebytes

Security firm Malwarebytes has alerted about a malvertising campaign which appears to be branch of a widespread constant campaign affecting many well-known websites like Last.fm, a popular music website.

Users are being infected with an exploit kit, concealed in online advertisements which mean users may not even know the presence of payload on their computer.

Malwarebytes said that The Jerusalem Post and The Times of Israel, two popular news websites in English language in Israel were targeted by the same campaign and it has been discovered that it is much wider than it was initially deemed because it involves doubleclick.net, a subsidiary of search giant (Google) for online advertisements and a well-known advertising firm namely Zedo.

The malware payload was identified as Zemot by Microsoft early this month which was distributed to innocent visitors.

A successful attack can result the installation of Zemot malware in the user's computers and cause further downloading of malicious software. Although conditions required for a successful attack are quite specific, the broad reach of the ads suggests that whoever is behind the attack, must have been successful in few more attacks before.

Malvertising campaigns are becoming more common while hitting many high-profile well-known websites recently. Cisco recently analyzed that an operation affected websites of Yahoo, Amazon, WinRAR and YouTube and attacked both Mac users and Windows.

Elias Manousos, CEO of RiskIQ, an Internet security company, warned about malvertising which not only makes users vulnerable to the theft of personal data and fraud but also damages customer loyalty and brand equity. Securityweek.com published a report on 19th September, 2014 quoting an expert as saying "a single malvertising campaign can affect more than 10% of the top 1,000 most visited websites."

Manousos said: "The malvertising problem stems from the fact that when an organization places an online advertisement, it is placed by an ad network. Moreover, ad networks will resell vacant ad spaces to other networks to basically avoid unused real estate. Moreover, as ad is directly sent from the servers of the ad network which inherits the space and are out of control of the advertising organization."

» SPAMfighter News - 9/29/2014