New vulnerabilities in Flash combined with malicious ads are helping attackers
Feb 4, 2015 By Jeremy Kirk
EXCERPT
The malvertisements were distributed by Adtech.de, an AOL-owned online advertising company, and two other companies, adxpansion.com and Ad.directrev.com. The bad ads appear to have been removed from Adtech, said Bilogorskiy, who has been in touch with its security team. He couldn't reach the other two companies.
The malicious advertisements redirected users through several domains before finally dumping them on pages hosting an exploit kit, an attack tool that scans for software vulnerabilities. It appears this campaign uses the Sweet Orange exploit kit, Bilogorskiy said.
If a vulnerability is found, malware is automatically delivered, a dangerous type of attack known as a drive-by download. "It's the worst case," Bilogorskiy said.
Full Article
By Ionut Ilascu 5 Feb 2015
Campaign still active, AOL and two other ad networks abused
A malvertising campaign spread on popular websites, Huffington Post among them, was observed late this weekend; the end goal is to deliver the Kovter Trojan, used for ad-fraud purposes.
The current campaign seems to be the continuation of a previous one, detected in early January, which also affected websites. In both cases, the advertising network distributing the malicious files is Adtech.de, owned by AOL.
Two other advertising companies have also been serving malicious banners, one being adxpansion.com and the other ad.directrev.com.
Sweet Orange may deliver Kovter
Over the weekend, security researchers at Cyphort detected a significant increase in the number of daily infected domains, the list including laweekly.com, indiedb.com, dramago.com, animetoon.tv, spoilertv.com, and sbcodez.com.
Full Article