rbear

Big-Name Sites Hit By Rash Of Malicious Ads Spreading Crypto Ransomware


Normally I wouldn't write about things like this; however, it's really scary out there. Take, for instance, that just visiting a news site can install these things. I have bolded what I have been infected with before for about 8 months or more before finally detecting it. It was auto-installed numerous times, sometimes without any ability to stop it. Basically, a file downloads automatically from just visiting a website, auto-opens and installs ???. You go back to look for the files wherever, and they are not there. Every now and then the original download is there; other times it self-deletes. Anyhow, you get the idea; on to the story. Also, somehow the JSON files auto-scan and infect your products with non-legit updates, presumably to take your clipboard.

---------------------

Mainstream websites are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned. 

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when "Angler," a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network. 

According to a separate blog post from Trustwave's SpiderLabs group, one JSON-based file being served in the ads has more than 12,000 lines of heavily obfuscated code. When researchers deciphered the code, they discovered it enumerated a long list of security products and tools it avoided in an attempt to remain undetected. 

"If the code doesn't find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page," SpiderLabs researchers Daniel Chechik, Simon Kenin, and Rami Kogan wrote. "Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble." 

continues
