Malicious ads impact Java.com, TMZ and Photobucket site visitors, firm finds

A number of high-profile websites, including Java.com, TMZ.com and IBTimes.com, were hit by a malvertising campaign that spread malware to their visitors.

According to Fox-IT, which blogged about the threat Wednesday, at least eight websites were found hosting poisoned ads, which were rigged to include the Angler exploit kit. EBay.ie, Photobucket.com, Kapaza.be, TVgids.nl, and Deviantart.com were also among the group of targeted sites.

Fox-IT observed the attacks on its clients between Tuesday and Friday of last week, the company revealed.

“Upon landing on this exploit kit, a few checks were done to confirm whether the user is running a vulnerable version of either Java, Flash or Silverlight,” the post said, detailing the attack. “If the user was deemed vulnerable, the exploit kit would embed an exploit initiating a download of a malicious payload. In this campaign it was the Asprox malware.”

In a Thursday interview with SCMagazine.com, Yonathan Klijnsma, cybercrime security expert at Fox-IT, said that it was later determined that a component of the Asprox botnet, called “Rerdom,” was being spread as one of the main malicious modules.

“[Rerdom causes] the infected computers to click on advertisements,” Klijnsma said, adding that the Windows malware allows scammers to “perform ad fraud on a large scale.”

Fox-IT noted that attackers targeted ad network AppNexus to poison the advertisements. In its blog post, the firm said that visitors didn't need to click on the malicious advertisements to be infected, as the attack occurred “silently in the background as the ad is loaded by the user's browser.”

In his interview, Klijnsma advised users to disable any browser plug-ins that are barely used, or to make sure they are updated if in use, to prevent similar attacks from occurring.

AppNexus addressed the issue on Friday, he added, and the firm has remained in contact with the advertiser to make sure the campaign is no longer active.
