
SoylentNews is people

posted by janrinok on Friday December 09 2016, @07:01AM   Printer-friendly
from the sneakier-by-design dept.

A two-year-long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada, including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not directly at fault, as they displayed the advertising; the ad networks and the underlying structure of high pace and low profit margins are what give malvertising its huge impact.

Users from the United States were ignored, for reasons unknown.

The quiet success of the still-ongoing attacks comes despite researchers from security firm ESET having found earlier variants in late 2014 targeting Dutch users.

Well-known researcher Kafeine, now with Proofpoint, reported on a subsequent massive malvertising campaign in July, in which AdGholas had ensnared as many as a million users a day.

Those attacks slung banking trojans at British, Australian, and Canadian users with localised ruses.


AdGholas exploited, among others, a low-level Internet Explorer vulnerability (CVE-2016-3351) that Microsoft was slow to patch, using it to assist with cloaking.

Victims who surfed various news outlets using Microsoft Internet Explorer and Adobe Flash which did not have recent patches applied could be silently compromised.

[...] Those on other browsers were ignored, as were those running packet capture, sandboxing, and virtualisation software, the latter platforms being hallmarks of white hat security researchers.

The malcode within the ads exploited Internet Explorer bug CVE-2016-0162 for initial reconnaissance and Flash bugs CVE-2016-4117, CVE-2016-1019, and CVE-2015-8651 to get payloads onto machines.

"Despite not targeting the US, the latest AdGholas campaign has once again reached epic proportions and unsuspecting users visiting top trusted portals like Yahoo or MSN [among] many top level publishers were exposed to malvertising and malware if they were not protected," Segura says.


  • (Score: 2) by BsAtHome (889) on Friday December 09 2016, @12:31PM (#439123)

    I cannot agree more. If you make a mistake once, then that is bad. However, the companies have made the same mistake many times. Both the ad-networks *and* the main sites are responsible. They all act like Typhoid Mary [wikipedia.org] and should all be treated as such. Quarantine the bastards on either side of the infectious delivery. It has been a long time since "I didn't know" was an acceptable defense.