New Zealand's largest online auction site, Trade Me, has served malware to visitors for over 24 hours last week, after a malicious ad got into the system.According to Alexa, trademe.co.nz has a traffic rank of 1,470 globally and 4 in New Zealand. The site has over 2.3 million registered users and as much as 70,000 are online at the same time during peak hours.
An advertisement, which appeared to be for a travel company called Lonely Planet, was falsely informing users that their computers are infected with malware and offered them a rogue antivirus program.
Fortunately, not all users were affected, because according to the company, the ad only targeted users with outdated operating systems and software.
This is a bit unusual, because while the first part is indicative of a scareware scam, the software checking routine is normally encountered in drive-by download attacks, where users are infected silently by exploiting vulnerabilities in old software versions.
The malvertizement ran from sometime Thursday morning to until midday Friday, but despite the significant attack window, the company said that only 50 users reported it.
"
We will be doing everything we can to nail the cybercriminals responsible," Trade Me spokesperson Paul Ford told New Zealand's
Stuff.
"
We take our status as a trusted marketplace very seriously and we have let our members down," he added.
The company has a review process in place that should normally screen out rogue ads, but this time the attackers managed to defeat the system.
"
We have processes in place to prevent ads like this appearing but unfortunately this one snuck through and we are gutted that it happened. "
At the moment we're focused on helping our members and making sure it doesn't happen again," Mr. Ford explained.
The latest malvertizing attacks we reported were instrumented by compromising ad servers via a vulnerability in OpenX software.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
