1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Malvertizing Spotted On Google's Doubleclick

Discussion in 'Security Updates' started by starbuck, Aug 27, 2011.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Security researchers from web security vendor Armorize have spotted malicious ads on Google's DoubleClick network that lead to drive-by download exploits.

    "In the past few days, our scanners noticed malvertising on Google DoubleClick. The malvertisement is being provided to DoubleClick by Adify (Now a part of Cox Digital Solutions), and to Adify by Pulpo Media, and to Pulpo Media by the malicious attackers pretending to be advertisers: indistic.com," the Armorize experts warn.

    "The malvertisement causes visitor browsers to load exploits from kokojamba.cz.cc (the exploit domain), which is running the BlackHole exploit pack. Currently, 7 out of 44 vendors on VirusTotal can detect this malware," they add.

    Malvertizing has become a common infector vector in recent years. Malware pushers use social engineering and impersonation to trick advertising networks to accept their ads, after which they start serving malicious code through them.

    Many high-profile websites have been hit by malvertizing attacks, more recently Yahoo! Philippines, Spotify, Al Jazeera, Autotrader.co.uk, and others.

    Attackers usually prefer to trick websites to run their ads directly instead of going through ad networks which have better trained personnel that do rigurous background checks.

    However, every now and then ad networks do get hit, especially when trusted intermediaries are involved, like in this case.

    Last December, Armorize identified a large-scale malvertizing attack that affected both Google's DoubleClick network and rad.msn.com, the server used by Microsoft to deliver ads on various sites, including Hotmail and MSN.

    Malicious ads were traditionally used to promote fake antivirus programs, but have mutated in recent times to serve malicious code that exploits vulnerabilities in outdated applications.

    The BlackHole toolkit used in this attack is currently the most popular drive-by download attack kit and contains exploits for vulnerabilities in Java, Flash Player, Adobe Reader and Windows.

    In order to stay protected from such attacks, users are advised to keep their applications up to date and run an antivirus capable of scanning web traffic at all times.


    Source:
    http:/ ews.softpedia.com ews/Malvertizing-Spotted-on-Google-s-DoubleClick-218988.shtml
     
    starbuck, Aug 27, 2011
    #1

Share This Page