Google DoubleClick Unknowingly Served Up Malicious Ad

Published: 22/11/2024   Category: security




JavaScript-based drive-by attack automatically infected website visitors with fake antivirus



Major online ad network Google DoubleClick this month inadvertently posted a malicious advertisement that infected users visiting websites running the ad.
This was no typical malvertising campaign attack, says Wayne Huang, CTO and researcher at Armorize, who discovered the threat. The ad automatically installs a rogue antivirus program on the victim's computer and holds it for ransom until the user purchases software to fix it.
"It's a JavaScript program that tries to exploit multiple vulnerabilities in your browser. It will succeed and then a malicious program is installed without the website or malicious ad tricking you to install it," Huang says.
The malicious program includes both a backdoor Trojan and the fake AV. It's a real Windows program, and if you try to execute another program, it won't let you do anything. It tells you your hard disk is failing, he says.
The malware in question is HDD Plus, which has been mysteriously spreading around the Internet during the past few days, including via msn.com, according to Armorize. "A lot of people were talking about it, but no one said one of the means it was spreading was through DoubleClick," Huang says.
The attackers used a name similar to the legitimate AdShuffle online ad firm, but with an extra letter "f", just enough to fool DoubleClick into posting the ad on websites. The ads first appeared around Dec. 4, and DoubleClick had caught and removed the malicious ad, which featured greeting cards as well as other items, by Dec. 8, according to Huang, who says he doesn't know how many users might have been infected.
The malware targets Internet Explorer, but it also uses exploits that go after PDF plug-in flaws in other types of browsers. Huang says most AV packages should detect the malware now. The attack demonstrates just how easily malvertising attacks can be executed, he says.
"You don't need to compromise a website, just submit an ad on an exchange," he says. "It's as easy as registering a similar domain name as an existing advertiser."
Huang is posting a blog here today with more details on the attacks.
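The lookalike-advertiser trick described above (a name one extra "f" away from AdShuffle) is the kind of thing an ad exchange can screen for when a new advertiser submits a domain. The following is an added example, not code from Armorize, DoubleClick or the original article; the `.example` domains, the allow-list and the function names are constructed for illustration, and comparing only the leftmost label is a simplification of real registrable-domain handling.

```python
from itertools import groupby
from typing import Optional

# Constructed allow-list of already-vetted advertiser domains (placeholder TLDs).
KNOWN_ADVERTISERS = ["adshuffle.example", "greeting-media.example"]

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalize(domain: str) -> str:
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def collapse_repeats(label: str) -> str:
    """Squash runs of one character, so any number of extra repeated letters match."""
    return "".join(ch for ch, _ in groupby(label))

def lookalike_of(candidate: str, known=KNOWN_ADVERTISERS,
                 max_distance: int = 1) -> Optional[str]:
    """Return the vetted domain that `candidate` imitates, or None if it looks clean."""
    cand = normalize(candidate)
    if cand in known:
        return None  # exact match with a vetted advertiser
    cand_label = cand.split(".")[0]
    for vetted in known:
        label = vetted.split(".")[0]
        if (collapse_repeats(cand_label) == collapse_repeats(label)
                or edit_distance(cand_label, label) <= max_distance):
            return vetted  # hold for manual review before serving any creative
    return None

if __name__ == "__main__":
    for submitted in ["adshufffle.example", "www.AdShuffle.example", "unrelated-brand.example"]:
        print(submitted, "->", lookalike_of(submitted))
```

A hit is a reason to route the submission to manual review, not proof of abuse; short brand names will produce false positives at any distance threshold.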