A popular dating site and a huge telecommunications company were hit with malvertising.
Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week over the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.
Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit which infected users with the Tinba Banking Trojan.
It is frustrating when your antivirus protection stops you from visiting a website that you know and trust, but these days even the most popular websites can fall prey to attacks.
This week security researchers discovered booby-trapped advertisements on popular websites including eBay, The Drudge Report, weather.com, and AOL. The ads, some of which can be initiated by a drive-by attack without the user’s knowledge or even any action, infected computers with adware or locked them down with ransomware.
Computer users running older browsers or unpatched software are more likely to get infected with malware just by visiting a website. Avast blocks these infected ads, but to be safe, please use the most updated version. To update your Avast, right-click the Avast Antivirus icon in the systems tray at the bottom-right corner of your desktop. From the menu, select Update.
“This kind of malvertising is a fairly easy way for cybercriminals to deliver adware or another malicious payload. Many websites sell advertising space to ad networks then deliver the targeted ads to your screen,” said Avast Virus Lab researcher Honza Zika. “All Avast users with current virus databases are fully protected against this attack, but those without protection or up-to-date security patches run the risk of being infected with ransomware.”
Malvertising, sounds like bad advertising right? It is bad advertising, but it doesn’t necessarily include a corny jingle or mascot. Malvertising is short for malicious advertising and is a tactic cybercriminals use to spread malware by placing malicious ads on legitimate websites. Major sites like Reuters, Yahoo, and Youtube have all fallen victim to malvertising in the past.
How can consumers and SMBs protect themselves from malvertising?
Malvertising puts both website visitors and businesses at great risk. Site visitors can get infected with malware via malvertising that either abuses their system or steals personal data, while businesses’ reputations can be tarnished if they host malvertisments. Even businesses that pay for their ads to be displayed on sites can suffer financial loss through some forms of malvertising because it can displace your own ads for the malicious ones.
To protect themselves, small and medium sized businesses should make sure they use the latest, updated version of their advertisement system, use strong passwords to avoid a dictionary attack and use free Avast for Business to discover and delete malicious scripts on their servers. Consumers should also keep their software updated and make sure they use an antivirus solution that will protect them from malicious files that could turn their PC into a robot, resulting in a slowed down system and potential privacy issues. Avast users can run Software Updater to help them identify outdated software.
How does malvertising work?
Businesses use ad systems to place and manage ads on their websites, which help them monetize. Ad systems can, however, contain vulnerabilities. Vulnerabilities in general are a dream come true for cybercriminals because vulnerabilities make their “jobs” much easier and vulnerabilities in ad systems are no exception. Cybercriminals can take advantage of ad system vulnerabilities to distribute malicious ads via otherwise harmless and difficult to hack websites.
Why cybercriminals like malvertising
Cybercriminals fancy malvertising because it is a fairly simple way for them to trick website visitors into clicking on their malicious ads. Cybercriminals have high success rates with malvertising, because most people don’t expect normal looking ads that are displayed on websites they trust to be malicious. Targeting well-visited websites, not only raises the odds of ad clicks, but this also allows cybercriminals to target specific regions and audiences they normally wouldn’t be able to reach very easily. Another reason why malvertising is attractive to cybercriminals is because it can often go unnoticed, as the malicious code is not hosted in the website where the ad is being displayed.
Examples of malvertising
An example of an ad system platform with a rich history of vulnerabilities is the Revive Adserver platform, formerly known as OpenX. In the past attackers could obtain administrator credentials to the platform via an SQL injection. The attackers would then upload a backdoor Trojan and tools for server control. As a result, they were able to modify advertising banners, which redirected site visitors to a website with an exploit pack. If the victim ran outdated software, the software would download and execute malicious code.
Another malware family Avast has seen in the wild and reported on that spread via malvertising was Win32/64:Blackbeard. Blackbeard was an ad fraud / click fraud family that mainly targeted the United States. According to our telemetry, Blackbeard infected hundreds of new victims daily. Blackbeard used the victim’s computer as a robot, displaying online advertisements and clicking on them without the victim’s knowledge. This resulted in income for botnet operators and a loss for businesses paying to have their ads displayed and clicked.
Malware has increased on mobile devices 900% since 2011. As dramatic as that number is, as we explained in part 1 of this post, your Android device is unlikely to become infected with malicious malware.
Nowadays, cybercrooks use more subtle and insidious techniques to steal money and personal data from you.
We explained about PUPs and snoopy apps that want too much information from you. Here are a few more sneaky methods that you should be aware of:
Information hungry ads
App developers are not the only information hungry players in the app game. Ad kits can be found in 80% of free apps. Ads are used to monetize free apps, just like websites display ads to monetize. Unfortunately, not all ad networks play fair. Some ad networks collect and share your personal data.
At the beginning of the year Rovio, maker of Angry Birds, came under fire for allegedly sharing user information with the NSA. They, however, denied this and stated that Ad Networks used by “millions of commercial websites and mobile applications” leaked information to the U.S. intelligence agency.
avast! Mobile Premium, the premium version of avast! Mobile Security, includes an Ad Detector feature. This feature provides full details of an ad network’s capabilities. Ad network permissions are mixed in with the app’s permissions, so it is difficult to differentiate where certain information is being sent and who is accessing your device. App downloaders should therefore always review app permissions thoroughly, as app developers are not the only players on the app’s field.
Empty promise apps
There are apps on the market that are not after your personal data, but are more interested in deceiving you for financial gain. These apps trick people into downloading something different than what they advertised. There are various ways this can be done with various levels of severity.
The most innocent of them being seemingly normal apps that when downloaded only display ads, not even offering the service they advertised. We found apps like this around the time of the World Cup. Games like Corner Kick World Cup 2014 displayed a white screen with ads popping up now and then. This is not necessarily malicious, but frustrating and annoying for the user. If the app had been called Ad Roulette it would be acceptable, but app developers gain a small profit from advertisers when users click on ads displayed within their app. Displaying ads continuously boosts the likelihood that users will click on the ads, thus increasing the app developer’s profit.
More malicious and misleading apps warn people that their device is infected, deceiving them into downloading either an app to remove the “virus” on their device or in some cases downloading actual malware. AVAST discovered an adult app, available on an underground app market that forced users to “scan their device for viruses.”. Subsequently, the app displayed a fake version of avast! Mobile Security, which in reality was ransomware that locked victim’s out of their devices until they paid up.
Apps that gain users by offering a solution to remove non-existent infections, on the other hand, may offer a legitimate app, like a security or other category of app, but the tactic they use to gain users is deceitful and unethical.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ andInstagram. Business owners – check out our business products.