Malvertising Consortium Uncovered
Researchers at Confiant have uncovered a massive malvertising network that served up 1 billion ad impressions affecting 62% of ad-monetized websites. The malicious ads redirect users to a variety of fraudulent pages including fake tech support pages, malicious Flash player updates, and fake antivirus alerts. These webpages trick the user into calling up a random phone number and providing their credit card or downloading a malicious executable.
The attack vector isn’t new, but it’s starting to pick up tricks from exploit kits by fingerprinting the browser session to determine whether it’s a real user, a bot, or a virtual machine. Evading bots and virtual machines serves two purposes: avoiding detection by security researchers and avoiding a wasted ad impression.
The interesting part of this massive malvertising network is the use of shell corporations, fake LinkedIn personas, and social media presence. If anything, this consortium has all the hallmarks of an advanced cyber campaign. Unfortunately, legitimate modern-day advertising networks are indistinguishable from exploit kit networks.
Protect yourself by keeping your operating system, browser, and antivirus updated.
Fire & Fury
All the buzz about Michael Wolff’s new book, Fire & Fury, has made it an enticing lure for users looking to acquire a copy through less-than-legal means. Researchers found that a truncated PDF of the book was being distributed along with a backdoor, allowing an unidentified actor to take control of the victim’s computer.
Developing new exploits is hard. Creating new lures to entice users into downloading and opening a file is easy. It’s only a matter of time until the bad guys start attaching malware to Tide PODS memes – too bad it won’t leave your computer in a clean state.
Those files you acquire through unscrupulous websites or peer-to-peer networks don’t exactly have (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog