Jump to content

Featured Replies

Posted

The Media Trust, an online security vendor, has detected a malvertising campaign that specifically targeted ads presented with online video as a channel of distribution.

 

While malvertising campaigns using video ads have surfaced in the past, the recent attack detected by The Media Trust affected over 3,000 websites, many of which were part of Alexa's Top 100.

Fortunately, the campaign only lasted for 12 hours, late on Thursday, October 29, and was thwarted by the company's quick response.

 

The attack followed the regular infection pattern used by normal malvertising techniques, but with a few modifications to work with video delivery platforms.

 

According to The Trust Media team, a malicious SWF file was downloaded on the victim's computers when accessing a video page.

The malicious file was hosted on the brtmedia.net domain and was imitating a video player.

 

This SWF file executes its malicious load only on lesser known sites, avoiding large video platforms, where security teams continually search their sites looking for problematic ads.

 

The actual attack happens when the SWF file injects JavaScript code in the page where the video ad is supposed to display, simulating a winning ad bid, but actually loading a 1px by 1px hidden iframe.

 

This iframe loads a popup window that scans the user's computer settings and prompts him with a message to update some of his local software.

 

If the user is careless to click on the popup, he will download malicious software packed with PUPs and other malware.

 

e568f7628ef7f2e8b7b6616503d48790.jpg

 

 

 

Source:

http://news.softpedia.com/news/malvertising-has-now-spread-to-video-ads-496161.shtml

76c90dd0e79a714317a8daeecc1584d2.png

  • FPCH Admin
At least that's one good thing about Ad Muncher. It does do away with video ads.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

Guest
Reply to this topic...