“Large ad network serving malware” – update 3




Engage Lab, a large advertising network that places ads on websites via DoubleClick and Google, is serving malware. According to Fox-IT, this is one of the biggest malware attacks through advertising that has been observed so far.

Fox-IT says that since Tuesday afternoon it has observed a significant number of infections and attempted infections among its customers, whose internal networks it monitors. “Compared with previous malvertising campaigns, this is one of the largest we’ve seen so far,” said security researcher Maarten van Dantzig of Fox-IT. That Fox-IT's customers are affected indicates that many Dutch websites are probably unwittingly trying to serve malware at this time; sixty to seventy percent of Fox-IT's “sensors” are in Western Europe.

The attackers probably penetrated the network, Engage Lab, in order to place malicious ads. In addition, according to Fox-IT, they use the Nuclear Exploit Kit, which looks for outdated versions of Flash, Silverlight and Java in order to abuse their security flaws and install malicious software. Which software the attackers are trying to install is unclear at this time.

Engage Lab fills ad space on websites via real-time bidding, in which advertisers bid on the ad space. The company uses servers of Google and its subsidiary DoubleClick to show the ads.

Users and network administrators can protect themselves, among other things, by updating their software, especially Java, Silverlight and Flash, to the latest version. They can also block the IP addresses and 85.143.217.196; these addresses are used by the attackers to serve malware and to send new commands to malware once it is installed. To prevent plug-ins from being used to install malware, users can also configure the browser so that plug-ins are not loaded automatically, but only when the user clicks on an object.

Ad networks are often used to spread malware. Attackers either hack the ad network or manage to get an ad containing malware past the ad networks' checks. Because of this, several large Dutch sites, including well-known names like NU.nl, Telegraph and NRC.nl, have served malware in the past.

Update, 21:39: As a precautionary measure, Tweakers has switched off automated trading for now, so such ads are not displayed automatically. As a result, the malware cannot be served via Tweakers in any case. Ads that are purchased directly through Tweakers are still visible.

Update, 21:54: Fox-IT has released an infographic that shows how the malware infects a user.

Update, Wednesday 7:14: The ad network no longer appears to be serving malware.

