Zero-Day Malvertising Attack Went Undetected For Two Months

  /     /     /  
Publicated : 22/11/2024   Category : security


Zero-Day Malvertising Attack Went Undetected For Two Months


Researchers at Malwarebytes tracked stealthy attack campaign that infected some major websites with malicious ads harboring ransomware.



RSA CONFERENCE -- San Francisco -- Cybercriminals deployed an Adobe Flash Player zero-day exploit embedded in online ads for close to two months in an attack that targeted US users with a ransomware payload, researchers said here today.
The
use-after-free vulnerability
, CVE 2015-0313, was patched by Adobe on Feb. 2, and the day after, the attack campaign came to a screeching halt, according to researchers at Malwarebytes, which traced the zero-days lifecycle after their systems detected the attacks in December of last year. The attackers injected the malware-ridden ads on the websites of Dailymotion, Huffington Post, answers.com, New York Daily News, HowToGeek.com, tagged.com, as well as a handful of other sites.
A zero-day was under everybodys nose for two months on top websites, says Pedro Bustamante, director of special projects for Malwarebytes.
Bustamante says the researchers had never before seen a malvertising campaign like this one. The attackers used a popular advertising network, which Malwarebytes did not name but said is ranked as the number one such network by Comscore.
Malwarebytes doesnt have a head count of victims hit with the ransomware, but traffic to the infected sites reached over 1 billion in February of this year. Not all of those victims obviously were infected--although they would not have to click on the infected ad to get infected, they had to meet the demographics the attackers were looking for, which were US consumers behind residential IP addresses.
Each of the affected websites ran the malicious ads for an average of two days, and Malwarebytes in its research traced back its first detection and blocking of the zero-day exploit on Dec. 10, 2014.
The attackers used the HanJuan exploit kit, which was hosted on rotating domains to evade detection. It drops CryptoWall ransomware for click fraud purposes.
The attackers appear to be a highly professional operation given the use of an 0day for months on high-profile sites, Jerome Segura, senior security researcher at Malwarebytes wrote in a report on the attacks. All in all, this zero-day threat underlines how the threat from exploits delivered through malvertising is one that should be taken much more seriously, he said.
A
recent study
conducted by the Association of National Advertisers and WhiteOps tracked online ad traffic patterns for 36 major companies and discovered that advertisers are losing $6.3 billion to $10 billion per year in ad fraud.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Zero-Day Malvertising Attack Went Undetected For Two Months