A global malvertising ring that used sophisticated techniques has been shut down. The threat went unnoticed for months and exploited millions of computers.

Malvertising is the use of online advertising to spread malware, by injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.

This latest large-scale attack was carried out by a group known as AdGholas. The operation ran from at least October 2015, distributing malicious advertisements through over 100 ad exchanges and getting served between 1 million and 5 million times a day.

Research by Proofpoint estimates that 10 to 20 percent of computers that loaded the malicious adverts were forwarded to servers hosting exploit kits. These kits are web-based attack tools that attempt to install malware.

The malvertising code used complex checks to ensure that the visiting computers were not virtual machines used by security researchers or by the ad networks themselves to discover malware.

The malvertising code also filtered victims based on their geolocation in order to serve certain malware programs, such as online banking Trojans, to users in specific regions. It is likely that the AdGholas operation was paid by cyber criminals to distribute the malware in a targeted way.

The reason the malware was so difficult to identify is that the ring used steganography to hide the attack. Steganography is a technique of hiding code inside images. The malicious ads contained images with encrypted JavaScript code inside, which was extracted and executed only on selected computers that passed the required checks and filters.

The operation was closed down on 20 July following action from the advertising industry.

Beating malvertising

  • Consider using ad blocking tools that do not allow online advertising to show.
  • Ensure that users practice good password hygiene, such as not storing login details and passwords on browsers or computers.
  • Protect the data stored on each computer using local data encryption so that malware cannot access data.
  • Regularly back up computers so that if malware corrupts, deletes or ransoms data, the device can be wiped or replaced without permanently losing the data stored on the computer.

How to ensure complete data protection

Cibecs is a complete backup and data protection suite that includes:

  • Backup & recovery
  • Local data encryption
  • PC refresh and migration
  • Data theft prevention and remote wipe
  • Device geo-location
  • Corporate governance compliance
