Darknet – Hacking Tools, Hacker News & Cyber Security


Thousands Hooked by Malware from Big Sites

November 7, 2007


If I recall, this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting.

It seems that malware peddlers are getting more aggressive, though; it obviously shows there is actual monetary value in infecting people and stealing their data.

A subtle form of social engineering too: it leverages the trust a user gives to a big-name site, trust the user also passes on to the banner ads displayed on that site.

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns.

The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor’s machine. It offers to fix the problem in exchange for a fee and for credit card information. The ad then attempts to install a back door on the victim’s machine.

There are thousands of sites with these malware-infested banner ads running, so be careful. It seems you’re no longer safe even if you stay away from the seedier parts of the web.

I’d guess though the vast majority of readers here wouldn’t be stupid enough to download a prompted ‘security’ fix which randomly appeared.

Jackson estimates the rogue ads have appeared on anywhere from “several hundred to 1,000” sites, which tend to be related to television and entertainment. Based on unique signatures of the javascript used in the attack, which researchers have seen passing over the net, he estimates thousands of people have fallen for the ruse.

Jackson has managed to shut down at least two servers serving the bad ads, but warns at least two more are still operational. He declined to identify the servers or the websites by name.

I hope they manage to shut down the rest and save all the witless morons surfing the web from more infestations and information leakage.

Source: The Register


Filed Under: Malware, Social Engineering Tagged With: malware, Social Engineering, trojans, virus, viruses




Comments

  1. srinivas says

    November 7, 2007 at 5:01 pm

    During the last few years I noticed these kinds of false security banner ads whenever I visited some sites. These kinds of ads appear mostly on sites that illegally provide license keys for various software.

    A simple question arises: how can a website simply inform you on its banner (maybe the banner is from a third party and the said site does not know what the banner says) that your system is infected or has some kind of security hole without even scanning the system for viruses and spyware? These kinds of false security statements make the average internet user (who is not from a computing background) feel insecure about his/her system and might click on the ad in the hope of cleaning spyware and viruses.

    A website can scan for viruses and spyware through the use of ActiveX technology (please educate me if you know other techniques), and sites that support this require user intervention to permit them to access the system files.

    Some rogue sites install spyware using the 0-day exploits found for the browsers in the underground community. Users of such sites should think twice before they visit.

  2. normalsecrecy says

    November 7, 2007 at 7:01 pm

    it would be a waste of resources to try to shut down every rogue adserver. when we go online to shop, browse, chat, network, etc., we also accept the risk associated with living a web-enabled life. we can’t pass the burden + responsibility onto industry. it’s no different than driving a car. it’s up to us to be aware of the risks out there and to do our best to mitigate or avoid those risks. yes, we need better, more secure software. but we also need smarter, more aware surfers.

  3. dirty says

    November 7, 2007 at 8:45 pm

    -normalsecrecy-
    I couldn’t agree more… I can’t believe there are actually people out there that fall for these scams… then again, my younger siblings and cousins always come to me when their MySpace, etc. account gets hacked and always ask “how did someone do that?”… I usually explain it’s them and ways around it, but nevertheless someone will eventually fall for something stupid sooner or later

  4. Pantagruel says

    November 7, 2007 at 9:39 pm

    With -dirty-

    When your six-year-old comes running, tells you some pop-up advised him that his PC was infected (I know, stupid to let the punter use XP and IE) and he clicked OK to get it removed, you can hardly blame him.
    The aftermath is usually removing bucketloads of ‘additional software’ and cleaning out other ‘helpful’ stuff. Replace the six-year-old with any ordinary PC user and you see the potential ‘market’ (and number of zombies).
    Like -normalsecrecy- mentions, the only thing to do is get smart and be careful; unfortunately the majority is blissfully ignorant or simply not capable/willing to spend time acquiring safe surfing skills.
    Of course I have tried *nix-based boot CDs/DVDs as a surfing platform; the downside is IE-limited websites ruining the internet experience.

  5. dirty says

    November 7, 2007 at 9:58 pm

    I have installed Firefox for my mom and siblings, so now they know to use the icon with the fox and world as opposed to the icon with the E (for exploit, haha). But even Firefox can’t save them from everything

  6. fazed says

    November 8, 2007 at 1:19 am

    hmm, I’m not sure how you would fall for this kind of trick.

  7. dirty says

    November 8, 2007 at 4:02 pm

    fazed
    Like Pantagruel said, it’s hard to stop kids and the computer illiterate. I know the people here would probably never fall for this type, but obviously there are people that do, or these types of user-driven attacks wouldn’t be seen

  8. Goodpeople says

    November 8, 2007 at 11:46 pm

    Joe Average Computer User doesn’t understand his computer, the Internet, the OS he is using, security issues or whatever. Nor does he want to! Scams like this one prey on the fact that you can make people believe just about anything.

    Think of that chain mail in which Bill G. promises to pay $1 for the treatment of some sick kid for every time the message is forwarded. Or all those annoying virus alerts that keep popping up from time to time.

    Education is the only answer. Every user we manage to educate, is one less potential victim.

    But hey, look on the bright side. As long as people keep falling for scams like this, we’ll be employed.. :-)

  9. dirty says

    November 9, 2007 at 5:04 pm

    Goodpeople Job security is nice, maybe we should mis-educate, jk

  10. Nobody_Holme says

    November 10, 2007 at 3:00 pm

    Someone needs to write some code to stick into exploder/firefox/whatever that unless you turn it off (so it gets all the illiterate fools) it blocks content from these servers… and people who know what they’re doing have some method to report them… um. yeah. or we could just try educating everyone we know in how to surf safe. or just carry out a cull of people who fall for this kind of thing…

  11. Sir Henry says

    December 14, 2007 at 6:50 pm

    @dirty:

    I, too, installed FF on my mom’s Windows host, but actually put the IE icon in place of the default FF icon so that she would not know the difference. I think, to this day, she still has no idea. But, that is only one part of the battle. My step-dad still goes to any site on the net and wants to click on every ad and every pop-up out there. For some, no amount of training will change their behavior.
