Thousands Hooked by Malware from Big Sites


If I recall, this is not the first time this has happened: viral payloads being delivered via banner ads and flaws in scripting.

It seems that malware peddlers are getting more aggressive, though; it obviously shows there is actual monetary value in infecting people and stealing their data.

It is a subtle form of social engineering too: the trust a user gives to a big-name site also gets passed on to the banner ads displayed on that site, and the scam leverages that.

Thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites, a researcher warns.

The scam is the latest to piggyback on banner ads that are fed to high-traffic destinations. Malicious code hardwired into the ads prompts a pop-up that warns of a bogus security threat on the visitor’s machine. It offers to fix the problem in exchange for a fee and for credit card information. The ad then attempts to install a back door on the victim’s machine.

There are thousands of sites with these malware-infested banner ads running, so be careful. It seems you’re no longer safe even if you stay away from the seedier parts of the web.

I’d guess, though, that the vast majority of readers here wouldn’t be stupid enough to download a prompted ‘security’ fix which randomly appeared.

Jackson estimates the rogue ads have appeared on anywhere from “several hundred to 1,000” sites, which tend to be related to television and entertainment. Based on unique signatures of the javascript used in the attack, which researchers have seen passing over the net, he estimates thousands of people have fallen for the ruse.

Jackson has managed to shut down at least two servers serving the bad ads, but warns at least two more are still operational. He declined to identify the servers or the websites by name.

I hope they manage to shut down the rest and save all the witless morons surfing the web from more infestations and information leakage.

Source: The Register

Posted in: Malware, Social Engineering


11 Responses to Thousands Hooked by Malware from Big Sites

  1. srinivas November 7, 2007 at 5:01 pm #

    During the last few years I noticed these kinds of false security banner ads whenever I visited some sites. These kinds of ads appear mostly on sites that illegally provide license keys for various software.

    A simple question arises: how can a website simply inform you on its banner (maybe the banner is from a third party and the said site does not know what the banner says) that your system is infected or has some kind of security hole without even scanning the system for viruses and spyware? These kinds of false security statements make the average internet user (who is not from a computing background) feel insecure about his/her system, and he/she might click on the ad in the hope of cleaning spyware and viruses.

    A website can scan for viruses and spyware through the use of ActiveX technology (please educate me if you know other techniques), and sites that support this require user intervention to permit them to access the system files.

    Some rogue sites install spyware using the 0 day exploits found for the browsers in the underground community. Users of such sites should think twice before they visit.

  2. normalsecrecy November 7, 2007 at 7:01 pm #

    it would be a waste of resources to try to shut down every rogue adserver. when we go online to shop, browse, chat, network, etc., we also accept the risk associated with living a web-enabled life. we can’t pass the burden + responsibility onto industry. it’s no different than driving a car. it’s up to us to be aware of the risks out there and to do our best to mitigate or avoid those risks. yes, we need better, more secure software. but we also need smarter, more aware surfers.

  3. dirty November 7, 2007 at 8:45 pm #

    -normalsecrecy-
    I couldn’t agree more… I can’t believe there are actually people out there that fall for these scams… then again my younger siblings and cousins always come to me when their MySpace, etc. account gets hacked and always ask “how did someone do that?”… I usually explain it’s them and ways around it but nevertheless someone will eventually fall for something stupid sooner or later

  4. Pantagruel November 7, 2007 at 9:39 pm #

    With -dirty-

    When your six year old comes running, tells you some pop-up advised him that his pc was infected (I know stupid to let the punter use XP and IE) and he clicked OK to get it removed, you can hardly blame him.
    The aftermath is usually removing bucketloads of ‘additional software’ and cleaning out other ‘helpful’ stuff. Replace the six year old with any ordinary pc user and you see the potential ‘market’ (and number of zombies).
    Like -normalsecrecy- mentions the only thing to do is get smart and be careful, unfortunately the majority is blissfully ignorant or simply not capable/willing to spend time acquiring safe surfing skills.
    Of course I have tried “nix based boot cd’s/dvd’s as surfing platform, downside is IE limited websites ruining the internet experience.

  5. dirty November 7, 2007 at 9:58 pm #

    I have installed firefox for my mom and siblings so now they know to use the icon with the fox and world as opposed to the icon with the E (for exploit, haha). But even firefox can’t save them from everything

  6. fazed November 8, 2007 at 1:19 am #

    hmm I’m not sure how you would fall for this kind of trick.

  7. dirty November 8, 2007 at 4:02 pm #

    fazed
    Like Pantagruel said, it’s hard to stop kids and the computer illiterate. I know the people here would probably never fall for this type but obviously there are people that do or these types of user driven attacks wouldn’t be seen

  8. Goodpeople November 8, 2007 at 11:46 pm #

    Joe Average Computer User doesn’t understand his computer, the Internet, the OS he is using, security issues or whatever. Nor does he want to! Scams like this one prey on the fact that you can make people believe just about anything.

    Think of that chain mail in which Bill G. promises to pay $1 for the treatment of some sick kid for every time the message is forwarded. Or all those annoying virus alerts that keep popping up from time to time.

    Education is the only answer. Every user we manage to educate, is one less potential victim.

    But hey, look on the bright side. As long as people keep falling for scams like this, we’ll be employed.. :-)

  9. dirty November 9, 2007 at 5:04 pm #

    Goodpeople Job security is nice, maybe we should mis-educate, jk

  10. Nobody_Holme November 10, 2007 at 3:00 pm #

    Someone needs to write some code to stick into exploder/firefox/whatever that unless you turn it off (so it gets all the illiterate fools) it blocks content from these servers… and people who know what they’re doing have some method to report them… um. yeah. or we could just try educating everyone we know in how to surf safe. or just carry out a cull of people who fall for this kind of thing…

  11. Sir Henry December 14, 2007 at 6:50 pm #

    @dirty:

    I, too, installed FF on my mom’s Windows host, but actually put the IE icon in place of the default FF icon so that she would not know the difference. I think, to this day, she still has no idea. But, that is only one part of the battle. My step-dad still goes to any site on the net and wants to click on every ad and every pop-up out there. For some, no amount of training will change their behavior.