- Jun 9, 2013
- 6,720
A large malvertising campaign hitting the Netherlands is affecting most of the popular Dutch websites, with a total 288 sites being affected.
Malvertising occurs when cyber-criminals create ads which are perceived as legitimate but actually spread malware by hiding a small piece of code deep in the script. Thus, when a surfer clicks on it, the victim’s computer is connected to criminal servers rather than to the legitimate advertiser that it purports to be, and the malware is downloaded—usually with the victim being none the wiser.
Researchers at the Fox-IT Security Operations Center (SOC) said that this particular campaign is occurring through an advertisement platform that loads external scripts before redirecting traffic to the Angler Exploit Kit. From there, TeslaCrypt, Cryptowall and other baddies can be disseminated.
The impact could be widespread: Web analysis firm SimilarWeb estimates that Nu.nl alone had more than 50 million visitors in March. Other affected sites include eBay-style service Marktplaats.nl and well-known news and culture sites, Fox-IT said.
“We’ve been in contact with the affected advertisement provider who responded quickly to the incident and has filtered the listed IOCs in their advertisement platform,” the security researchers said in an analysis. “They will be tracking down the affected content provider as this issue has not been fully resolved, it has simply been filtered for now.”
Full Article. Malvertising Push Infects 288 Popular Websites
Malvertising occurs when cyber-criminals create ads which are perceived as legitimate but actually spread malware by hiding a small piece of code deep in the script. Thus, when a surfer clicks on it, the victim’s computer is connected to criminal servers rather than to the legitimate advertiser that it purports to be, and the malware is downloaded—usually with the victim being none the wiser.
Researchers at the Fox-IT Security Operations Center (SOC) said that this particular campaign is occurring through an advertisement platform that loads external scripts before redirecting traffic to the Angler Exploit Kit. From there, TeslaCrypt, Cryptowall and other baddies can be disseminated.
The impact could be widespread: Web analysis firm SimilarWeb estimates that Nu.nl alone had more than 50 million visitors in March. Other affected sites include eBay-style service Marktplaats.nl and well-known news and culture sites, Fox-IT said.
“We’ve been in contact with the affected advertisement provider who responded quickly to the incident and has filtered the listed IOCs in their advertisement platform,” the security researchers said in an analysis. “They will be tracking down the affected content provider as this issue has not been fully resolved, it has simply been filtered for now.”
Full Article. Malvertising Push Infects 288 Popular Websites
