Large-scale malvertising campaign hidden in online ads

Status
Not open for further replies.

cruelsister

SECURITY OUTFIT MALWAREBYTES has warned of a malvertising attack that appears to be part of a large-scale, ongoing campaign affecting a number of popular websites such as Last.fm. Users are getting infected by the exploit kit that is hidden in online ads, which means they probably don't even know the payload is on their computer.

Malwarebytes said The Times of Israel and The Jerusalem Post were affected by the same attack campaign and, looking further into it, discovered "it is much bigger" than first thought because it involves doubleclick.net, a subsidiary of Google for online ads, and Zedo, a popular advertising agency.

The malware payload distributed to unsuspecting visitors was identified as Zemot by Microsoft in its Malicious Software Removal Tool (MSRT) for September. The Zemot Trojan downloaders are frequently used by malware with a number of different payloads. Microsoft said that recently, malware such as Win32/Rovnix, Win32/Viknok, and Win32/Tesch have begun using Zemot to distribute their malicious payloads. "It is necessary for any real-time security software to effectively remediate these downloaders to prevent reinfection with these payloads," Microsoft said.

Zemot is often mass distributed to the payload URLs and uses several techniques to make sure the downloaded module will be successful on all Windows machines. "What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself," Malwarebytes said in a blog post. "We rarely see attacks on a large scale like this, so we highly recommend that people keep their systems up to date, with current antivirus and anti-malware protection."

Malwarebytes said that the latest victim of this campaign is popular music streaming website Last.fm.
The firm said that it first detected this new attack pattern on 30 August, and the discovery is still developing, so it could be that even more websites are affected.
 