Malvertising hits eBay subsidiary

Gumtree, a classified advertising site popular in the UK, Australia and South Africa, was hit with a malvertising attack, according to Malwarebytes Labs.

According to Malwarebytes researchers, miscreants penetrated the network of an Australian legal firm and put up a phony version of its site that appeared legitimate, but actually contained a fraudulent subdomain off its main server. Gumtree, a subsidiary of eBay, receives 48 million monthly visits.

The criminals cut and pasted the firm's logo and some text from the legitimate site and fashioned what appeared to be a typical ad banner. They then contacted ad networks to inquire about advertising. Anyone clicking on the bogus, malvertising-laden ad would be exposed to the Angler exploit kit, which typically delivers different payloads, including ransomware or banking trojans.

Researchers detected a fingerprinting approach, one that had been observed previously, capable of avoiding security tools or network packet captures.
