Malware chefs: the flavor of a cookie - dangerous!

Malware experts have recently noticed a major new virtual threat that could have devastating outcomes. The malicious activity was dubbed malvertising; as the name suggests, certain adverts were noticed to redirect users to potentially harmful websites in order to install malware on their systems. The most alarming feature is that these adverts are not provided by an adware application; in fact, they could be integrated into any website. Recently websites like examiner.com and last.fm were found to be hosting such ads, but it is not the vendors' fault, as these adverts are carefully disguised by malware distributors to look legitimate. The mentioned websites were probably victims of a first-time scam, as the research revealed that these adverts are created in a quite devious way, which is why they were able to bypass some malware detection and removal tools.

How do these cookies work?

The analysis has revealed that some adverts are made in Flash while others are simple .GIF files. In most cases the redirect information is stored within the HTML source itself. Fortunately, this technique is the more common one, and malware experts all around the world have acted upon it. Thus, the majority of professional antimalware tools were able to detect the potential danger once the user clicked on the malicious advertisement.

One of the most recent malvertising events involved an advert that kept the redirect information within a browser cookie. That is quite unusual, so numerous malware experts started a detailed, in-depth analysis of this suspicious yet interesting subject. Our research team did its fair share of work and has revealed some interesting facts regarding this particular case. The main piece of code responsible for the redirection is contained within a browser cookie, which is dropped by the website on which the malicious advert is hosted. It was also discovered that the malicious cookie interacts with Java, which signified that the website to which the user was redirected is running the Angler Exploit, a tool used to exploit Java and Flash player vulnerabilities, meaning that just landing on such a page is enough to get your PC infected with malware. In this particular case, the user is redirected to morelsjayewardene.epnethost.com/ent1nzvwqm.php, which is disguised behind Google's URL shortening service; the actual URL hidden within the cookie is goo.gl//AcmR1b. Fortunately, the shortened URL was reported, so it is blacklisted and a warning message appears if someone lands on it. Hopefully more such URLs will be blacklisted for the users' sake.
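As an added example (not code from the original article or its research team), here is one way a defender could flag Set-Cookie headers whose values carry a URL or a URL-shortener reference, as in the case described above. The shortener list, cookie names and sample headers are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumed shortener hosts to prioritise; extend for your environment.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}

# Optional scheme, then a dotted host name followed by a path.
URL_RE = re.compile(r"(?:https?:)?(?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/\S*)", re.I)

# Constructed sample Set-Cookie values (not taken from the article).
SAMPLE_HEADERS = [
    "sessionid=8f3a9c1e; Path=/; HttpOnly",
    "adpref=goo.gl%2FEXAMPLE1; Path=/",
    "trk=r%253Dhttp%253A%252F%252Fads.example.net%252Fland.php; Max-Age=60",
]

def decode_layers(value, max_rounds=3):
    """Percent-decode repeatedly, since a value may be encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_set_cookie(header):
    """Return one finding per URL-like string in a Set-Cookie header's value."""
    # Only the name=value pair is inspected; attributes such as Path are skipped.
    pair = header.split(";", 1)[0]
    name, _, raw = pair.partition("=")
    value = decode_layers(raw.strip().strip('"'))
    findings = []
    for match in URL_RE.finditer(value):
        host = match.group(1).lower()
        findings.append({
            "cookie": name.strip(),
            "host": host,
            "path": match.group(2),
            "shortener": host in SHORTENERS,
        })
    return findings

def scan_headers(headers):
    """Scan many Set-Cookie header values, e.g. exported from proxy logs."""
    return [f for h in headers for f in scan_set_cookie(h)]

if __name__ == "__main__":
    for finding in scan_headers(SAMPLE_HEADERS):
        print(finding)
```

The match is a heuristic: legitimate cookies sometimes store return URLs, so findings are leads for review, with shortener hits ranked first.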

How to protect your PC?

The rising popularity of malvertising is alarming, to say the least, and it is quite natural that virtually every user wants to protect their system from it. The best piece of advice that any malware expert could give is that every computer user should have a professional antimalware tool with a constantly updated database, active at all times, because malware distributors will not stop looking for new ways to exploit the everyday user's operating system. And of course it goes without saying that safe browsing habits could significantly reduce the risk of getting your system infected.
