Malvertising campaign exposes up to 50 million internet users to the Angler EK and Bunitu malware
Security researchers have warned that a large-scale malvertising campaign is exposed millions of Internet users around the world to malware.
The warning comes after Facebook last month signed a new partnership deal to tackle malvertising on its site.
According to Websense Security Labs, the latest malvertising campaign exposes potentially up to 50 million web users to some nasty malware.
When a web user tries to browse to websites such as CNN Indonesia, the official website of Prague Airport, Detik, AASTOCKS, RTL Television Croatia, and the Bejewled Blitz game on Facebook, they are potentially exposed to this malware thanks to compromised OpenX scripts. The nasty code is “evasive and stealthy” and leads to the Angler Exploit Kit which exploits an Adobe Flash flaw in order to insert the Bunitu trojan onto the PC.
“The code injected into the compromised Revive Adserver scripts in this campaign have been seen to lead to the very prevalent Angler Exploit Kit,” said Websense in a blog posting. “The injected code is not always sent when the script is requested, making it difficult to detect with automated analysis tools. In addition, Angler Exploit Kit will only serve up the malicious exploit code once per IP in a 24 hour period or so.”
“Since April we have seen compromised Revive Adserver scripts being used by several highly popular websites,” said the security firm. “Some of these only seem to contain the injected code for 24 hours, whilst others have remained compromised for weeks.”
It seems that the malware can turn the victim’s PC into a zombie machine that can be used maliciously in the future. And it also contacts its C&C so the hackers know which machines are infected and available to them.
The six stages of this malvertising campaign is recon, lure, redirect, exploit kit, dropper, and call home.
Malvertising has grown steadily to become a significant threat to many online organisations over the past few years. That said, other tech firms have followed Facebook’s lead to provide protection for their users.
Earlier this year, security researchers have spotted malware being distributed through malicious advertisements on popular adult website xHamster.
And fashion retailer Hugo Boss has also revealed that some of its adverts had been compromised, with malware appearing on the Huffington Post and several other news sites.
How much do you know about hacking? Take our quiz!