Security researchers identified a new malvertising campaign leveraging the Adf.ly advertising service to redirect users to the HanJuan exploit kit and ultimately compromise systems with malware designed to steal login credentials.
HanJuan is rarely encountered in security incidents, which kept it under the radar. There isn’t too much information about it, but in the past it has been seen to deliver an exploit for a Flash Player zero-day.
Adf.ly is a URL shortening service that shows an advertisement before the user can access the content available at the short link.
Exploits for Flash and Internet Explorer delivered
Jerome Segura from Malwarebytes analyzed the current campaign and noticed that it relies on a complex redirection chain until users are passed to a legitimate location that has been compromised to host the exploit kit.
To thwart analysis, cybercriminals resorted to cross-origin resource sharing, a mechanism that allows resources to be loaded on a web page from a different domain than the one for the parent web page, creating a disruption in the resource loading flow.
Segura says that the landing page for HanJuan contains code for launching exploits for a Flash vulnerability (CVE-2015-0359) and one in Internet Explorer (CVE-2014-1776), depending on the profile of the visitor.
Read more: http://news.softpedia.com/news/adf-...ler-via-drive-by-download-attack-485190.shtml