'Kyle & Stan' Parks Malvertising On Amazon, YouTube

  • 9 September 2014

  By Sara Peters Posted on 9/8/2014
 
Windows and Macs alike are at risk to sophisticated mutating malware.
 A malicious advertising (malvertising) network is distributing spyware, adware, and browser hijackers to both Macs and PCs, crafting a unique malware bundle for each machine it infects. The network, dubbed "Kyle and Stan" by Cisco's TALOS Security Research, is 700 domains strong, including the likes of amazon.com and youtube.com. "This by all means is most likely just the tip of the iceberg," researchers said in a blog post today.
 
The world of online ads has only a few major players that are supplying ads to thousands of websites. If an attacker can get one of those major advertisement networks to display an advertisement with a malicious payload just for a few minutes without being detected, then countless machines can be infected by such an attack.
 
"Kyle and Stan" is so named because the group dubbed hundreds of their subdomains "stan.mxp2099.com" and "kyle.mxp2038.com." Here's what happens when a user visits one of the malicious sites:
 
DarkReading/ full article here/ http://www.darkreading.com/kyle-and-stan-parks-malvertising-on-amazon-youtube/d/d-id/1307036?

by Michael Mimoso, September 22, 2014, 2:11 pm

The Kyle and Stan malvertising network has a much bigger reach than first reported—about nine times bigger.

In the two weeks since Cisco’s first report on the malicious ad distribution campaign, researchers had a chance to look closer at telemetry data, connect more dots and learn that nearly 6,500 malicious domains are involved—more than nine times the 703 originally reported. As a result, Cisco said that more than 31,000 connections have been made to these domains, more than three times the 9,541 originally reported.
Researchers Craig Williams and Armin Pelkmann were also able to trace the attack back to 2012, proving that it’s been active much longer than last May as originally reported.
 
Full Article
By Brian Prince on September 23, 2014
 
New research from Cisco Systems shows the 'Kyle and Stan' malvertising network is much bigger than it first appeared.
 
In fact, it is nine times bigger.
 
 
Two weeks ago, Cisco's Talos Security Intelligence and Research Group revealed the existence of the network, which was responsible for placing malicious advertisements on websites such as amazon.com, ads.yahoo.com, youtube.com and 70 other domains. What they found, however, was just the beginning.
"The “Kyle and Stan” network is a highly sophisticated malvertising network," blogged Armin Pelkmann, threat researcher with Cisco. "It leverages the enormous reach of well placed malicious advertisements on very well known websites in order to potentially reach millions of users. The goal is to infect Windows and Mac users alike with spyware, adware, and browser hijackers."
 
According to Pelkmann, Cisco has now isolated 6,491 domains sharing the same infrastructure – more than nine times more than the previously reported 703 domains.
 
SecurityWeek/ full article here/ http://www.securityweek.com/massive-malvertising-network-9-times-bigger-originally-thought-cisco
The following article is an update on Malvertising

(Malvertising, Online Ad Networks a Dangerous Duo)

By Ann All  |  Posted September 25, 2014
 
The Internet advertising business is booming. Online advertising is now the second-largest ad medium, after passing newspapers in 2013, according to ZenithOptimedia research. Ad networks like DoubleClick play a big part in that growth, so it's not surprising they have attracted the attention of attackers interested in using them to serve malware.
Advertising networks could become "the next primary attack vector," contends new research from Bromium Networks. Worse, popular security technologies such as signature-based detection are essentially useless against such attacks, said Rahul Kashyap, Bromium's chief security architect and head of Research.
The research, which Bromium is releasing today, found attackers are using ad networks to place malicious ads on popular sites like YouTube and Yahoo. The ads redirect Internet users to pages serving malware via drive-by download attacks. Video sites like YouTube are especially attractive to attackers because viewers tend to linger, which gives the bad guys more opportunities to execute complex exploits.
 
 
eSecurityPlanet/ full article here/ http://www.esecurityplanet.com/malware/malvertising-online-ad-networks-a-dangerous-duo.html
