Malvertising

 

A global malvertising ring that used sophisticated techniques has been shut down. The threat went unnoticed for months and exploited millions of computers.

Malvertising is the use of online advertising to spread malware by injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.

This latest large-scale attack was carried out by a group known as AdGholas. The operation ran from at least October 2015, distributing malicious advertisements through over 100 ad exchanges, with the ads being served between 1 million and 5 million times a day.

Research by Proofpoint estimates that 10 to 20 percent of computers that loaded the malicious adverts were forwarded to servers hosting exploit kits. These kits are web-based attack tools that attempt to install malware.

The malvertising code used complex checks to ensure that the visiting computers were not virtual machines used by security researchers or by the ad networks themselves to discover malware.

The malvertising code also filtered victims based on their geolocation in order to serve certain malware programs, such as online banking Trojans, to users in specific regions. It is likely that the AdGholas operation was paid by cyber criminals to distribute the malware in a targeted way.

The reason the malware was so difficult to identify is that the ring used steganography to hide the attack. Steganography is a technique of hiding code inside images. The malicious ads contained images with encrypted JavaScript code inside, which was extracted and executed only on selected computers that passed the required checks and filters.

The operation was closed down on 20 July following action from the advertising industry.

Beating malvertising

  • Consider using ad blocking tools that do not allow online advertising to show.
  • Ensure that users practice good password hygiene, such as not storing login details and passwords on browsers or computers.
  • Protect the data stored on each computer using local data encryption so that malware cannot access data.
  • Regularly back up computers so that if malware corrupts, deletes or ransoms data, the device can be wiped or replaced without permanently losing the data stored on it.

How to ensure complete data protection

Cibecs is a complete backup and data protection suite that includes:

  • Backup & recovery
  • Local data encryption
  • PC refresh and migration
  • Data theft prevention and remote wipe
  • Device geo-location
  • Corporate governance compliance

Watch the full Cibecs demo here

 
