Kaspersky experts have analyzed this malvertising campaign

Feb 6, 2014 12:15 GMT

Serving malware via compromised ad networks is a tactic used by more and more cybercriminals. The latest incident that involves this attack vector has targeted the website of Aftonbladet, a popular Swedish tabloid.

It’s worth noting that Aftonbladet is one of Sweden’s largest websites. According to Alexa, it’s ranked sixth in Sweden.

Magnus Lindkvist, security evangelist at Microsoft Sweden, was among the first to notice the attack. He called up Kaspersky’s David Jacoby, who analyzed the malvertising campaign.

Apparently, the attack only targets Internet Explorer users. If the website is visited from another browser, nothing happens.

However, when it’s accessed through Internet Explorer, visitors are redirected to another website where a fake Microsoft Security Essentials Alert warns them that there are Trojans and other threats on their computer.

When the “Clean computer” button is clicked, a malicious file is downloaded. Jacoby says they’re still analyzing the threat, but judging by the screenshot he has provided, this looks like the social engineering kit used by cybercriminals to distribute fake antiviruses of the Tritax family.

The Fake AV and the social engineering kit were detailed a couple of days ago by Fox-IT security specialist Yonathan Klijnsma.

The malicious ad has been removed from Aftonbladet, but it’s uncertain if the site has been completely cleaned up.

If you visited the website with Internet Explorer, were redirected to the fake Microsoft Security Essentials Alert, and downloaded some software, you should scan your computer with an antivirus application.

If the cybercriminals are distributing fake antiviruses and your computer is infected, you’re probably seeing all sorts of virus alerts. In order to get rid of the threat, scan your computer with a legitimate security application. If you can’t, try doing so from the operating system’s safe mode.

Update. Fox-IT security specialist Yonathan Klijnsma has confirmed to Softpedia that this attack is part of the Tritax family campaign.