A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.
Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.
The news sites are not at direct fault, as they only displayed the advertising; the ad networks and their underlying model of high pace and low profit margins are what give malvertising its huge impact.
Users from the United States were ignored, for reasons unknown.
The quiet success of the still-ongoing attacks comes despite researchers from security firm ESET having found earlier variants in late 2014 targeting Dutch users.
Well-known researcher Kafeine, now with Proofpoint, reported in July on a subsequent massive malvertising campaign in which AdGholas had ensnared as many as a million users a day.
Those attacks slung banking trojans at British, Australian, and Canadian users with localised ruses.
[Continues...]
AdGholas exploited, among others, a low-level Internet Explorer vulnerability (CVE-2016-3351) to assist with cloaking, which Microsoft was slow to patch.
Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash that did not have recent patches applied could be silently compromised.
[...] Those on other browsers were ignored, as were those running packet capture, sandboxing, and virtualisation software, the latter platforms being hallmarks of white hat security researchers.
The malcode within the ads exploited Internet Explorer bug CVE-2016-0162 for initial reconnaissance and Flash bugs CVE-2016-4117, CVE-2016-1019, and CVE-2015-8651 to get payloads onto machines.
"Despite not targeting the US, the latest AdGholas campaign has once again reached epic proportions and unsuspecting users visiting top trusted portals like Yahoo or MSN [among] many top level publishers were exposed to malvertising and malware if they were not protected," Segura says.
(Score: 5, Insightful) by Anonymous Coward on Friday December 09 2016, @09:52AM
The news sites are not at direct fault as they displayed the advertising
Son of a--
Fuck you, they are at the most direct fault of all.
Actively blocking content unless you agree to receive the malwa- I mean, ads. Shaming people who block ads for being leechers and immoral bastards who want everything for free, without even attempting to police the ads themselves. Trying to get laws passed that would make ad blocking illegal. In Germany, repeatedly suing the maker of AdBlock (and losing every time).
Yes, they (probably) didn't code the malware or put it on ad networks... but they sure as hell work very, very hard to get you infected.
(Score: 2) by BsAtHome on Friday December 09 2016, @12:31PM
(Score: 0) by Anonymous Coward on Friday December 09 2016, @02:50PM
And in the end -they- are the ones that decide to use those specific ad networks to generate revenue. That's about as directly responsible as they can be. If they used a competent ad network (I don't think any exist yet however as damned near EVERY ad network has cut enough corners to make a buck and ended up letting malware onto their distribution network) then there wouldn't be an issue.