Malvertising Campaign Strikes MSN Web Portal

Itnews.com.au reported on 28th August, 2015 stating that MSN web portal of Microsoft has been used by unknown attackers to serve malicious advertising code which tried to plant Angler Exploit Kit on the computers of visitors.

MSN is the automatic home page for Internet browser of Microsoft in its Windows operating system and the company claims that several hundreds of millions of visitors click on the site every month.

Jerome Segura, a Researcher of security firm Malwarebytes, reported that users were served with malvertising when they simply browsed MSN news, lifestyle or any other sections.

The attackers abused Adspirit.de, a German network, whose ads were served through AppNexus online advertising delivery company and silently deploy Angler on the machines of users.

Segura says that the attack uses rhcloud.com cloud platform of RedHat to redirect users to Angler exploit kit which is different from leveraging Azure of Microsoft.

The payload is probably advertising fraud or ransomware which is the hallmark drop of Angler. The malvertising attack has been reported and taken offline which will do nothing in seclusion to stop or even slow the actor.

Segura said that MSN malvertising campaign is the work of the same unnamed actors who recently targeted Yahoo along with other popular media sites and web properties like Drudge report, Weather.com and online marketplace eBay.

Mediapost.com published news on 28th August, 2015 quoting Segura as saying "Advertising networks required to implement stricter standards for submitting ad inventory. Ad networks are very much relaxed and higher standards are required."

He added: "There are lot of work to be done in terms of tighter regulations on who can place an ad on the network. Some need very little information and no previous history before submitting the advertisement. The industry requires a zero-tolerance policy for offenders."

Segura said that these are not dark underground sites but rather conventional portals serving malvertising-injected ads and one campaign could serve billion of ad impressions daily to achieve 2,000 to 3,000 hits. He calls for a blacklist policy after one strike which means that if an advertising network gets caught once with malvertising running on the network and should face consequences as companies will see this much more seriously.

» SPAMfighter News - 9/7/2015