Millions of users exposed to malicious ads

Mar 15, 2016 18:50 GMT  ·  By

A large malvertising campaign has been detected by three major cyber-security vendors, affecting multiple websites with a combined monthly viewership of well over 2.4 billion users.

According to Trend Micro, Trustwave, and Malwarebytes, crooks have managed to show malicious ads using four different advertising networks. These ads hijacked users' browsing sessions and led them to malicious sites hosting the Angler EK (exploit kit).

If you're not particularly familiar with Angler, this is a tool cyber-criminals use to analyze the users coming via the malicious ads, single out the potential victims, and then use exploits for software vulnerabilities in the users' local applications to infect them with the crooks' desired malware.

Angler was delivering the Bedep clickfraud botnet

In this particular instance, security researchers say that the payload they saw most of the time was the Bedep malware. Bedep is a clickfraud bot that shows unwanted ads and hijacks the user's mouse, clicking on the ads and generating revenue for the malware's operator.

In some of these cases, security researchers from Trustwave have reported that they've seen Angler distribute the TeslaCrypt ransomware instead of the Bedep malware, but the overwhelming majority of infections have been with Bedep.

The four advertising platforms through which the malicious ads were delivered are Google, AOL, Rubicon, and AppNexus.

Malicious ads appeared on Microsoft's MSN portal

Some of the biggest sites on which the malicious ads have been displayed include Microsoft's MSN portal, the New York Times, the BBC, AOL, Comcast's Xfinity, NFL, Realtor, the Weather Network, The Hill, and Newsweek.

Security researchers from Malwarebytes also noted that in the past few weeks, malvertising in general was seen in far smaller numbers than before, but this changed during the past day, when this massive campaign was first spotted. The same company also released an interesting report regarding the most recent tactics used in malvertising campaigns.

Malvertising campaign spike for March 14, 2016