05-18-2014 02:44 PM
Malvertising up by over 200%
Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified today before the U.S. Senate’s Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide.
According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users’ computers via “drive by downloads”, which occur when a user innocently visits a web site, with no interaction or clicking required. The consequences of malvertising include cybercriminals capturing users’ personal information or turning devices into a bot for the purpose of taking over that device and using it in many cases to execute DDoS attacks against a bank, government agency or other organization. Just as damaging is the deployment of ransomware, which encrypts a user’s hard drive, demanding an extortion payment to be unlocked. Users’ personal data, family photos and health records can be destroyed and stolen in seconds.
WEBROOT® SecureAnywhere™ Internet Security Complete Beta v22.214.171.124
06-29-2014 07:54 AM
The following is a updated article on Malvertising
" Quote" RIG Exploit Kit Used in Flash-Based Malvertising Campaig
Flash-based ads are being used by an advertising network to lure the visitors of various websites to a landing page that has been set up to distribute malware, Internet security firm Malwarebytes said on Thursday.
According to the company, the malicious advertising (malvertising) campaign relies on ads created with Adobe Flash that have appeared on a popular adult website and on a site that offers free e-cards. A close analysis of the ad's source code revealed that it was designed to trigger a malicious redirection when loaded by creating an iframe for a URL that's on the same domain as the advertising server.
The landing page hosts the RIG exploit kit, which attempts to exploit Adobe Flash and Microsoft Silverlight vulnerabilities in order to push a piece of malware identified as Trojan.Agent.ED, Malwarebytes said.
SecurityWeek/ Full Read Here/ http://www.securityweek.com/rig-exploit-kit-used-f