Major Websites Plagued With Malicious Advertising Infect Many
According to security researchers, a number of major websites served their users with malicious advertising messages which lead to thousand of computers getting infected. Several security vendors have reported this as being the second incident of this type in a month. Sites like Huffington Post or LA Weekly have been some of the unintentional accomplices for this cyber attack.
The security threat was generated by malvertising (malicious advertising) which automatically redirected its victims to other pages that covertly installed malware. Cyphort's head of security research, Nick Bilogorskiy, identified Adtech.de (advertising company owned by AOL), adxpansion.com and Ad.directrev.com as the sources that distributed the advertisements. However, he went on to say that these types of malware are very hard to spot as they can attack preferential targets or simply wait to pass the security test before activating their malicious codes . Furthermore, it would seem that Adtech has already gotten rid of all the malvertisments from their database.
On a separate note, Talos (the security research group associated with Cisco) recently declared that over 1,800 legitimate domains have been used to spread something called Angler exploit kit. Trend Micro stated that attacks involving Angler take advantage of a 0-day vulnerability which was recently discovered in Adobe System Flash. This type of attacks has been spotted on Dailymotion.
It would seem that the Internet world is getting more and more dangerous and not just for computers. Avast reported that apps containing adware have found their way into the Google Play store and have been downloaded millions of times. According to the security company, this new type of malware disguises its advertising as warning messages that trigger as soon as the user unlocks the screen.
