Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds


A number of high-profile websites, including Java.com, TMZ.com and IBTimes.com, were impacted by a malvertising campaign which spread malware to online visitors.

According to Fox-IT, which blogged about the threat Wednesday, at least eight websites were found hosting poisoned ads, which were rigged to include the Angler exploit kit. EBay.ie, Photobucket.com, Kapaza.be, TVgids.nl, and Deviantart.com were also among the group of targeted sites.

Fox-IT observed the attacks on its clients between Tuesday and Friday of last week, the company revealed.

“Upon landing on this exploit kit, a few checks were done to confirm whether the user is running a vulnerable version of either Java, Flash or Silverlight,” the post said, detailing the attack. “If the user was deemed vulnerable, the exploit kit would embed an exploit initiating a download of a malicious payload. In this campaign it was the Asprox malware.”

In a Thursday interview with SCMagazine.com, Yonathan Klijnsma, cybercrime security expert at Fox-IT, said that it was later determined that a component of the Asprox botnet, called “Rerdom,” was being spread as one of the main malicious modules.

“[Rerdom causes] the infected computers to click on advertisements,” Klijnsma said, adding that the Windows malware allows scammers to “perform ad fraud on a large scale.”

Fox-IT noted that attackers targeted ad network AppNexus to poison the advertisements. In its blog post, the firm said that visitors didn't need to click on the malicious advertisements to be infected, as the attack occurred “silently in the background as the ad is loaded by the user's browser.”

In his interview, Klijnsma advised users to disable any browser plug-ins that are barely used, or to make sure they are updated if in use, to prevent similar attacks from occurring.

AppNexus addressed the issue on Friday, he added, and the firm has remained in contact with the advertiser to make sure the campaign is no longer active.
