Category: malvertising

Aug 14 2015

My browser visited Drudgereport and all I got was this lousy malware

Millions of people visiting drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.

The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks.

Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don't click on links. Some browser makers have responded by implementing so-called click-to-play mechanisms that don't render Flash or Java content unless the end user actively permits the plugin to run on a particular site. Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue.

Read 1 remaining paragraphs | Comments

Feb 02 2015

New Adobe Flash zero-day is being exploited in the wild

Patch due to be published this week for critical new Adobe Flash vulnerability CVE-2015-0313.

Read More
Nov 13 2014

Disconnect’s new app pulls the plug on supercookies, other tracking

Disconnect

Disconnect, the not-for-profit company behind the eponymous online privacy tool and “malvertising” blocking service, released a new version of its virtual private networking and privacy protection service for iOS, Android, Windows, and Mac OS X this morning. Disconnect has offered versions of its service on these platforms in the past, but the latest edition is the first to bring an enhanced version of what the company first introduced on the privacy-oriented Blackphone to these other operating systems.

The service is available through Apple’s App Store and the company’s website (not the Google Play or Windows stores), and it adds filtering of cell provider “supercookies” and other common tracking data captured by websites and mobile applications. Disconnect has also inked a deal with Deutsche Telekom to offer its software and services as a promotional bundle to DT customers.

The new Disconnect app and service comes in free and premium versions. The free application simply provides the user with a visualized record of tracking performed by websites and mobile applications, showing what tracking cookies are used and whose cookies they are. It also shows any unsecured connections within sites using otherwise secure HTTPS connections.

Read 5 remaining paragraphs | Comments

Jun 22 2011

FBI announces international cyberbusts: scareware peddlers and malvertisers taken out

Twenty years ago, people used to ask, “Why do virus writers do it?”

That was a tricky question to answer, since there was often little motivation beyond notoriety – being recognised in the counterculture as a virus writer.

These days, you can explain virus writing Jeopardy-style instead. (Jeopardy is a back-to-front US game show in which the quizmaster gives an answer, and the contestants win by giving a question which produces it.) Like this: “To make lots of money online from victims all over the world with very little effort.”

Now, the question people usually ask is, “It seems so easy to be a cybercrook – why don’t the police do something about it?” One answer is that evidence can be tricky to acquire, and jurisidiction tricky to establish, when doing something about cybercrime. A crook in Belgium can defraud someone in Australia via a malicious advert served from China which tricks them into a credit card transaction in Canada processed by a server in Finland.

Despite the technical and legal hassles, the cops sometimes do get their man – or men. The US federal police force, the FBI, just announced some important international success against two cybergangs.

The operation, codenamed Trident Tribunal, lead both to arrests and to the significant disruption of their criminal operations.

The first cybergang was allegedly responsible for selling scareware, better known as fake anti-virus software. I’m sure you’re familiar with it: a popup advises you you’re at risk; then a ‘free scan’ finds a raft of ‘threats'; and a cleanup button offers to fix your woes. But the cleanup isn’t free. So you pay up, and the ‘threats’ are ‘removed’. For now, anyway.

The FBI estimates that this group tricked nearly a million people into buying its fraudulent software. With a price point from $50 to $130 (depending on how many ‘extras’ the victim gets talked into), this netted them over $72,000,000.

The second cybergang provided malvertising services. This is a technique which lets you sneak adverts for fraudulent services – notably, for scareware – onto respectable websites. The group allegedly created a fake advertising agency, and gave themselves a fake commission from a hotel chain to buy online ads in a Minneapolis newspaper. The ads were approved by the newspaper, but the fake agency ran malverts instead.

According to the FBI, it looks as though just two guys were able to make more than $2,000,000 in that scam.

Given the global scale of cybercrime, this may seem like a small victory for law enforcement. But it is a victory nevertheless.

The really good news here is that the anti-cybercrime operations above saw the successful co-operation of law enforcement teams in twelve countries: USA, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the UK.

Now we know the answers.

“Why do virus writers do it?” Sadly, because they can hope for revenues of about $75 per ‘sale’ by peddling an online sack of lies to one million ‘customers’.

“Why don’t the police do something about it?” Happily, they do.