Malware Infected Google Ad Campaign Knocks Users

Pcworld.com published a report on 8th April, 2015 quoting a warning of security experts as "a large number of ads distributed by a partner of Google advertising redirected users to Web-based exploits which tried to install malware on user's computers."

Security researchers from Fox-IT, a Dutch security firm, observed the malvertising campaign wherein ads coming from a partner of Google in Bulgaria known as Engage Lab began redirecting users to the Nuclear Exploit Kit.

Especially, exploit kits are platforms of Web-based attack which attempt to exploit vulnerabilities in browsers and browser plug-ins to infect computers of users with malware.

According to analysis of Fox-IT, the version of Nuclear exploit kit (EK) used by attackers tries to take advantage of vulnerabilities in outdated versions of Adobe Flash Player, Microsoft Silverlight and Java.

Softpedia.com published news on 8th April, 2015 quoting Maarten van Dantzig, Security Researcher of Fox-IT, as saying "the malicious ads first lead to an intermediary website which then redirects to a domain hosting Nuclear EK."

The investigation revealed that cybercriminals are regularly changing domains to avoid detection and increase the lifespan of the infamous operation.

Dantzig says that they have not been able to identify the nature of the malware delivered through plug-in exploit but discovered the command and control (C&C) server the malware used which seems to be in the US.

Google was informed about the issue and it might have taken necessary action to spoil the efforts of cybercriminals because security company recorded no malicious redirects from the Bulgarian reseller after 7 hours of spotting the campaign.

Malvertising has been a growing problem since many years and in spite of vast advertising networks claiming to have sophisticated defenses in place, attackers still have not able to find methods of avoiding these malware.

These attacks are particularly dangerous because users get infected even without visiting obscure websites. Once attackers manage to push malicious ads into a vast advertising network, these ads get displayed on well-known and trusted websites.

US Senate investigated malvertising during 2014 and concluded that "the industry of online advertising has grown so much in complexity that each party may refuse to accept the responsibility of the delivery of the malware into the user's computer through an advertisement."

» SPAMfighter News - 4/16/2015