Batu69 Posted October 7, 2015 Share Posted October 7, 2015 Campaign affected more than 84 million users A recent malvertising campaign has been seen on six of Spain's biggest torrent sites, exposing around 84.2 million users to the CryptoWall ransomware. The campaign was possible and was more efficient than similar ones because the attackers managed to compromise Publited's servers, the ad network that delivered the advertisements on those sites. A rare occurrence of a compromised ad network An ad network having their servers hacked is a rare occurrence, but this resulted in a much more dangerous situations for users, allowing the attackers to better control the way the malicious ads are displayed to users. While in most cases malvertisers can only show ads by bidding and winning ad spots, and then corrupting its delivery method via malicious JavaScript files and countless redirects, by controlling the ad platform, attackers were able to inject malicious iframes along with legitimate ads, and make them look like they would be coming from the ad server itself. Furthermore, attackers were also able to set complicated traffic filters in place, and control to whom, where, and when the malicious ads were being shown to. Attackers had complete control over the flow of malicious ads So if malvertisers would have liked to show malicious ads on pages where users downloaded the latest Hollywood movie releases, between 7 PM and 11 PM, and only to users from southern Spain, they would have been able to do this with no difficulty at all. The malicious iframes inserted into legitimate ads led users to pages where the Neutrino exploit kit was served, which then infected users with the CryptoWall ransomware. This went on for most of the campaign, but as Malwarebytes reports, the Angler exploit kit was also used in the later stages. Malwarebytes informed Publited of the campaign, and worked with the ad network to remove the attackers' backdoors from their infrastructure. Source Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted October 7, 2015 Share Posted October 7, 2015 Malwarebytes seem to be the best on things like this i think Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.