Threat Management, Threat Management

DoubleClick ad fraud campaign lures victims with promise of adult videos

Malwarebytes researchers spotted yet another malvertising campaign leveraging the promise of adult videos to lure users into their DoubleClick ad fraud scam.

The campaign exploits the TrafficHolder adult ad platform and redirects users to what appears to be a YouTube for adult content, according to a Monday blog post. The page appears legit; however, it is actually a large JPEG overlay covering a WordPress site.

When a user clicks the play tab attempting to view the video, the click is used to launch a real and paid advertisement via Google's DoubleClick. After a few seconds, the image will disappear and reveal the underlying WordPress site, the majority of which were most likely used for hosting other "spammy" content, the post said.

The technique is called “clickjacking” and it is used to generate legitimate-looking clicks on advertisement, researchers said in the blog.

“Crooks are using hundreds of what appear to be bogus (insurance, loans and other scams) WordPress sites to carry out this fraudulent scheme,” the post said.

This particular campaign doesn't put users at risk as they are simply being “duped” so that the crooks behind the attack can make money. However, researchers advise users to exercise caution as they have witnessed redirections to exploit kits via the same ad platform that is being exploited for this campaign.

This type of attack could easily lead to an individual becoming infected or hacked if the link had been truly been malicious, Lastline cybersecurity expert Craig Kensek told SCMagazine.com via emailed comments.

“Individuals shouldn't fall victim to a second cousin of "wet paint syndrome" and click where they've been taken to. Instead they should close that window,” Kensek said.

Leaving the victims of the scam unscathed actually plays into the agenda of the scammers, experts say.

“The benefit is the user doesn't get infected, so the likelihood that they won't report the issue to the website owner is higher than if malware was used to infect them,” Trend Micro Senior Global Marketing Manager Jon Clay told SCMagazine.com. “This allows their scam to run longer than normal.”

Experts have noticed an uptick in these type of attacks as someone is willing to pay for the phony clicks.

"Ad fraud is a huge and highly profitable business, so it is no surprise that is growing,” Tim McElwee, president of security firm Proficio, told SCMagazine.com via emailed comments. Despite this, there are more important concerns to worry about.

“Users and businesses need to be concerned about downloading malware more than clicking on an unwanted ad,” he said 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.