ADOTAS — Some are familiar with security threats tied to online ads; cybercriminals can exploit vulnerabilities in the ads to redirect users to malicious sites or otherwise download malware on victims’ machines once they click. But what happens when the bad guys become advertisers?
Malwarebytes has uncovered an alleged rogue ad network deliberately redirecting clickers to malicious websites. The ads have appeared on 123greetings[dot]com and beeg[dot]com, according to the company.
Senior security researcher Jérôme Segura (pictured) has published a blog post detailing how it all works. Segura said he believes that the rogue ad agency (suspected of being controlled by Russian cybercriminals) approaches various high-traffic websites and offers to display their ads. But ultimately, the motivation is to push malware through them. He dissected one of these ads and found that it leads victims to a page hosting an exploit kit known as RIG EK, which then exploits Flash and installs a Trojan (Trojan.Agent.ED).
“This particular ad may have been placed on a number of websites, big and small and leading to several thousand infections,” said Segura.
To protect against this type of threat, Segura recommends users disable Flash or use tools like NoScript. It may degrade your web browsing experience, he notes, but is a pretty effective method of avoiding this and other web threats. Malwarebytes Anti-Exploit (free for consumers) is another option, he said.