Cyber-Attack Compromises MadAdsMedia Server an Ad Network

Trend Micro the security company has detected one sinister advertising attack that eventually resulted in an intensive compromise of MadAdsMedia, one Internet based advertising company.

It was discovered that the Mount Laurel, New Jersey, United States-based MadAdsMedia that served advertisements diverted traffic onto websites harboring attack toolkit that searched end-users' PCs for software vulnerabilities so malware could be delivered. On May 2, 2015, there was a peak of 12,500 people affected.

Fraud Researcher Joseph Chen at Trend Micro blogs that initially, the incident seemed like one more instance of malvertising. According to him, ad networks have at times observed malevolent advertisements posted onto their networks which diverted users onto other sinister sites.

Chen further writes that on closely examining the MadAdsMedia, one of its servers that serves ads was found to be modified, particularly one JavaScript library that uploads ads to any website. Rather the library diverted people onto servers harboring attack toolkit namely Nuclear. The online sites which had been modified for diverting users contained anime and manga material.

Notably Nuclear toolkit examines for checking whether an end-user is working with Adobe Flash of an expired edition. In case such a flaw exists, the Carberp Trojan would get planted on the PC for tapping into its private information like passwords.

While being into existence since some years, Carberp is capable of impersonating a Windows document. Subsequently, it eliminates AV software running on the infected PC. Hitherto, Carberp has been most prevalent vis-à-vis the banking sector.

CVE-2015-0359 is the above Flash security flaw exposed within the attack in question, with a patch issued for it just this April 2015.

In an official comment, a MadAdsMedia representative stated that they performed an investigation soon when they found suspicious activity on their network. Immediately Trend Micro also contacted them and with the security company's research details MadAdsMedia could eliminate the threat. The ad network gave its information to its server organization that then acted swiftly. In a few hours, the breach became detectible with simultaneous security done to the networks, the representative explained. Blog.trendmicro.com published this in news dated May 7, 2015.

» SPAMfighter News - 5/15/2015