Published on March 16th, 2016
MASSIVE MALVERTISING CAMPAIGN LANDS ON TOP WEBSITES
Big-name websites were hit with a cunning malvertising campaign over the weekend that attempted to sneak TeslaCrypt ransomware onto computers vulnerable to the potent Angler Exploit Kit. Top sites running the malicious ads included The New York Times-owned NYTimes.com, Answers.com and AOL.com, according to three separate security firms that spotted a spike in malvertising over the weekend.
According to researchers at Trustwave, thousands of sites were impacted by the malicious advertisements that, if clicked on, linked to a webpage that contained Angler EK, which probes browsers for vulnerabilities and attempts to install malware.
For anyone with a vulnerable browser, attackers installed either TeslaCrypt ransomware or the Bedep Trojan, which opens a backdoor on PCs so attackers can install a variety of malicious programs. Malvertising campaigns were also confirmed by TrendMicro and Malwarebytes, but it’s unclear if the three malicious ad campaigns are linked.
Karl Sigler, threat intelligence manager at Trustwave, told Threatpost that the attackers behind the malware use a sophisticated scheme to trick ad networks into running their malicious ads. The scheme included acquiring the domains of recently expired web addresses previously owned by marketing and advertising firms. “Ad networks vet the companies that run ads on their networks,” Sigler said. “Those behind this malvertising campaign went to great lengths to appear legitimate,” he said.
The two ad networks that distributed the ads were identified as Adnxs and Taggify. Adnxs immediately removed the ads from its network and Taggify didn’t reply to Trustwave when alerted, Sigler said. One of the expired domains used by attackers was brentsmedia[.]com, which, according to Trustwave, was previously owned by BrentsMedia, a now-shuttered online marketing company.