Thousands Hooked by Malware from Big Sites

If I recall correctly, this is not the first time this has happened: delivering viral payloads via banner ads and flaws in scripting.

It seems that malware peddlers are getting more aggressive, though. It clearly shows there is real monetary value in infecting people and stealing their data.

It is a subtle form of social engineering too: by leveraging the trust a user places in a big-name site, the attackers inherit that trust for the banner ads displayed on that site.

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns.

The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor’s machine. It offers to fix the problem in exchange for a fee and for credit card information. The ad then attempts to install a back door on the victim’s machine.

There are thousands of sites running these malware-infested banner ads, so be careful. It seems you are no longer safe even if you stay away from the seedier parts of the web.

I’d guess, though, that the vast majority of readers here wouldn’t be stupid enough to download a prompted ‘security’ fix which randomly appeared.

Jackson estimates the rogue ads have appeared on anywhere from “several hundred to 1,000” sites, which tend to be related to television and entertainment. Based on unique signatures of the JavaScript used in the attack, which researchers have seen passing over the net, he estimates thousands of people have fallen for the ruse.

Jackson has managed to shut down at least two servers serving the bad ads, but warns at least two more are still operational. He declined to identify the servers or the websites by name.

I hope they manage to shut down the rest and save all the witless morons surfing the web from more infestations and information leakage.

Source: The Register


11 Responses to Thousands Hooked by Malware from Big Sites

  1. srinivas November 7, 2007 at 5:01 pm #

    During the last few years I have noticed these kinds of false security banner ads whenever I visited some sites. These kinds of ads appear mostly on sites that illegally provide license keys for various software.

    A simple question arises: how can a website simply inform you on its banner (maybe the banner is from a third party and the said site does not know what the banner says) that your system is infected or has some kind of security hole without even scanning the system for viruses or spyware? These kinds of false security statements make the average internet user (who is not from a computing background) feel insecure about his/her system, and he/she might click on the ad in the hope of cleaning out spyware and viruses.

    A website can scan for viruses and spyware through the use of ActiveX technology (please educate me if you know other techniques), and sites that support this require user intervention to permit them to access the system files.

    Some rogue sites install spyware using the 0-day exploits found for the browsers in the underground community. Users of such sites should think twice before they visit.

  2. normalsecrecy November 7, 2007 at 7:01 pm #

    it would be a waste of resources to try to shut down every rogue adserver. when we go online to shop, browse, chat, network, etc., we also accept the risk associated with living a web-enabled life. we can’t pass the burden + responsibility onto industry. it’s no different than driving a car. it’s up to us to be aware of the risks out there and to do our best to mitigate or avoid those risks. yes, we need better, more secure software. but we also need smarter, more aware surfers.

  3. dirty November 7, 2007 at 8:45 pm #

    I couldn’t agree more… I can’t believe there are actually people out there that fall for these scams… then again, my younger siblings and cousins always come to me when their MySpace, etc. account gets hacked and always ask “how did someone do that?”… I usually explain it’s them and ways around it, but nevertheless someone will eventually fall for something stupid sooner or later.

  4. Pantagruel November 7, 2007 at 9:39 pm #

    With -dirty-

    When your six year old comes running, tells you some pop-up advised him that his PC was infected (I know, stupid to let the punter use XP and IE) and he clicked OK to get it removed, you can hardly blame him.
    The aftermath is usually removing bucketloads of ‘additional software’ and cleaning out other ‘helpful’ stuff. Replace the six year old with any ordinary PC user and you see the potential ‘market’ (and number of zombies).
    Like -normalsecrecy- mentions, the only thing to do is get smart and be careful; unfortunately the majority is blissfully ignorant or simply not capable/willing to spend time acquiring safe surfing skills.
    Of course I have tried *nix-based boot CDs/DVDs as a surfing platform; the downside is IE-limited websites ruining the internet experience.

  5. dirty November 7, 2007 at 9:58 pm #

    I have installed Firefox for my mom and siblings, so now they know to use the icon with the fox and world as opposed to the icon with the E (for exploit, haha). But even Firefox can’t save them from everything.

  6. fazed November 8, 2007 at 1:19 am #

    Hmm, I’m not sure how you would fall for this kind of trick.

  7. dirty November 8, 2007 at 4:02 pm #

    Like Pantagruel said, it’s hard to stop kids and the computer illiterate. I know the people here would probably never fall for this type, but obviously there are people that do, or these types of user-driven attacks wouldn’t be seen.

  8. Goodpeople November 8, 2007 at 11:46 pm #

    Joe Average Computer User doesn’t understand his computer, the Internet, the OS he is using, security issues or whatever. Nor does he want to! Scams like this one prey on the fact that you can make people believe just about anything.

    Think of that chain mail in which Bill G. promises to pay $1 for the treatment of some sick kid for every time the message is forwarded. Or all those annoying virus alerts that keep popping up from time to time.

    Education is the only answer. Every user we manage to educate, is one less potential victim.

    But hey, look on the bright side. As long as people keep falling for scams like this, we’ll be employed.. :-)

  9. dirty November 9, 2007 at 5:04 pm #

    Goodpeople: Job security is nice, maybe we should mis-educate, jk.

  10. Nobody_Holme November 10, 2007 at 3:00 pm #

    Someone needs to write some code to stick into exploder/firefox/whatever that unless you turn it off (so it gets all the illiterate fools) it blocks content from these servers… and people who know what they’re doing have some method to report them… um. yeah. or we could just try educating everyone we know in how to surf safe. or just carry out a cull of people who fall for this kind of thing…

  11. Sir Henry December 14, 2007 at 6:50 pm #
    I, too, installed FF on my mom’s Windows host, but actually put the IE icon in place of the default FF icon so that she would not know the difference. I think, to this day, she still has no idea. But, that is only one part of the battle. My step-dad still goes to any site on the net and wants to click on every ad and every pop-up out there. For some, no amount of training will change their behavior.